bostonairportcarrental.com
Issued by R3
About this certificate
This digital certificate with serial number 04:bd:92:5b:49:43:72:17:58:f9:b2:da:e4:40:09:ad:a8:34 was issued on by Let's Encrypt.
With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=bostonairportcarrental.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:bd:92:5b:49:43:72:17:58:f9:b2:da:e4:40:09:ad:a8:34Serial Number (int): 412957052347456578039447064593053984335924
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 31:97:e8:d6:7f:e6:a7:bf:a4:50:99:4e:e6:c4:dc:8e:c2:00:c8:39
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): c5:1b:47:62:34:c3:14:39:1f:de:2e:d9:84:a8:7a:21:c5:66:70:a4
Fingerprint (sha256): 36:c2:12:07:65:50:df:b4:da:8d:65:45:19:07:7e:13:16:d1:5a:85:cb:fe:10:6e:b1:48:0d:2b:93:89:e7:7b
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate bostonairportcarrental.com
7
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for bostonairportcarrental.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
atz.co.in
baldwinhomebuyers.com
bangkokforvip.com.gunter.realbrilliance.net
bitsummoner.com.robopimp.io
bostonairportcarrental.com
homeinabox.net.50stateshalfmarathonclub.co
voodoconcept.com
baldwinhomebuyers.com
bangkokforvip.com.gunter.realbrilliance.net
bitsummoner.com.robopimp.io
bostonairportcarrental.com
homeinabox.net.50stateshalfmarathonclub.co
voodoconcept.com
Other certificates including the domain name bostonairportcarrental.com
(limited to 100 certificates)
sengine.org
manzama.org
intimatehygiene.com
logiccreate.com
vtangle.com
bostonairportcarrental.com
letsdolunch.org
alauda.org
cleveland.world
bioabout.me
wtfbroken.hacker.rehab
domainservicesinc.com
wizzbang.org
bioabout.me
cleveland.world
promeia.de
bostonairportcarrental.com
bioabout.me
hostileaggressiveparenting.com
wtfbroken.hacker.rehab
instarem.org
anomali.org
cleveland.world
inspirihub.com
websitedesigngreenwood.com
cleveland.world
bostonairportcarrental.com
healthier-communities.org
dubaisailing.com
oepnsea.com
chiennes.org
trialconsulting.com
bostonairportcarrental.com
metartverse.com
tctfoundation.org
domainservicesinc.com
promeia.de
finehealth.org
kiwanisclubofwestlakeohio.org
0-g.com
teamds.org
bostonairportcarrental.com
cleveland.world
visitvalleywater.org
getlocals.org
manzama.org
intimatehygiene.com
logiccreate.com
vtangle.com
bostonairportcarrental.com
letsdolunch.org
alauda.org
cleveland.world
bioabout.me
wtfbroken.hacker.rehab
domainservicesinc.com
wizzbang.org
bioabout.me
cleveland.world
promeia.de
bostonairportcarrental.com
bioabout.me
hostileaggressiveparenting.com
wtfbroken.hacker.rehab
instarem.org
anomali.org
cleveland.world
inspirihub.com
websitedesigngreenwood.com
cleveland.world
bostonairportcarrental.com
healthier-communities.org
dubaisailing.com
oepnsea.com
chiennes.org
trialconsulting.com
bostonairportcarrental.com
metartverse.com
tctfoundation.org
domainservicesinc.com
promeia.de
finehealth.org
kiwanisclubofwestlakeohio.org
0-g.com
teamds.org
bostonairportcarrental.com
cleveland.world
visitvalleywater.org
getlocals.org
Certificate
The complete raw certificate details for bostonairportcarrental.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFrzCCBJegAwIBAgISBL2SW0lDchdY+bLa5EAJrag0MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjMwODQ3MDFaFw0yNDAzMjIwODQ3MDBaMCUxIzAhBgNVBAMT GmJvc3RvbmFpcnBvcnRjYXJyZW50YWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAtxIG0EWRMRYZABtmSylQ5ZEqY4qLt+oH4/A5Ul2+HGSAGu8Z 9nPHL1TOwX8CcsnlZHwTviz1INGfRP3Lpni6nNGswS8IEXj4NK/5123RtVpvCyr+ +oRhjq+EhrE7t2Rd4AJNn0XP3kTip7PIqwy9LlKCvqNoe2mkgZY4r7OM8i1HZqRU YaDorpLDIDwzNHFm5sS1EPtDxASdLPqo4+KukFMhboyHt1P/J/Fxx8CZp0RBE0Pf HqMtSErrxXeMtp2d9EBL7ENbUJUYlukJtTZpSKTTwJr4YU63ul5xO5mOENPY1Mo6 5LyyA4rO8TSklHOjf32KTJupNs4PpFFLPyySrwIDAQABo4ICyjCCAsYwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMB0GA1UdDgQWBBQxl+jWf+anv6RQmU7mxNyOwgDIOTAfBgNVHSMEGDAW gBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUH MAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3Iz LmkubGVuY3Iub3JnLzCB0QYDVR0RBIHJMIHGgglhdHouY28uaW6CFWJhbGR3aW5o b21lYnV5ZXJzLmNvbYIrYmFuZ2tva2ZvcnZpcC5jb20uZ3VudGVyLnJlYWxicmls bGlhbmNlLm5ldIIbYml0c3VtbW9uZXIuY29tLnJvYm9waW1wLmlvghpib3N0b25h aXJwb3J0Y2FycmVudGFsLmNvbYIqaG9tZWluYWJveC5uZXQuNTBzdGF0ZXNoYWxm bWFyYXRob25jbHViLmNvghB2b29kb2NvbmNlcHQuY29tMBMGA1UdIAQMMAowCAYG Z4EMAQIBMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAouK/1h7eLy8HoNZObTen 3GVDsMa1LqLat4r4mm31F9gAAAGMlhIntwAABAMASDBGAiEA4k3/0Yd/rhX08HqN Uyhfd8FUcflAtM0Dji6dO4HENNkCIQDQTmFkk3G7r++qPT4QOFlPaQeK0DYosh1l 577Y6ITZJwB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjJYS J8IAAAQDAEcwRQIgSTpeRD1eO/4QFlzThCUjmTnmdH8jAPt8YRUQUdxB0HoCIQD3 aaeG/xdUesRhY55J6p2o14acgf3pjJRKyuedlalQwzANBgkqhkiG9w0BAQsFAAOC AQEAmqrdmoNzKu/WxwAcVnkdgDTvQ7crPsqSeSr8RWAt80FHJfXnBH6iYUTmsb4e G4Hi9BI2F5KQUKCpof1RQauDItmESbp3u2U9t/Kcx3dkfK5D1FXRvPTANmz1BGQE yYa7zNMkUvWUhq0uoEjpXSHF5wAo/CV1fvS/fvS+x1+87ywzur97je+Rv2OQMP6o 1AvhkE2Ul+jWl7aibm5UaqqBqae9a8OGv2d4PBR6UrsKvsIxlIWqlsFzz/jd7g+O ZDnFOqdq+BIzWOaItYVGsPIQvI6C+l5HAEWeY33JrxObwpgW3+GmFcu+xrW3wUmN FtE7a5I8i1XgmvDeFiTMw5SX+g== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxIG0EWRMRYZABtmSylQ 5ZEqY4qLt+oH4/A5Ul2+HGSAGu8Z9nPHL1TOwX8CcsnlZHwTviz1INGfRP3Lpni6 nNGswS8IEXj4NK/5123RtVpvCyr++oRhjq+EhrE7t2Rd4AJNn0XP3kTip7PIqwy9 LlKCvqNoe2mkgZY4r7OM8i1HZqRUYaDorpLDIDwzNHFm5sS1EPtDxASdLPqo4+Ku kFMhboyHt1P/J/Fxx8CZp0RBE0PfHqMtSErrxXeMtp2d9EBL7ENbUJUYlukJtTZp SKTTwJr4YU63ul5xO5mOENPY1Mo65LyyA4rO8TSklHOjf32KTJupNs4PpFFLPyyS rwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 412957052347456578039447064593053984335924 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-23 08:47:01 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-22 08:47:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bostonairportcarrental.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23110499064186363855938890851455398827477169592740743288321753037962858713235556526132894804324385680512119343474827138458603244919511371765591021221280809979860636601004356325838119364350526635747442116896181766926635043917131642617310106642693466041788541914817862910031713092934183995126864604322917396600956658973961590298747287589709185453723428715522153192223475852711803985704890556143722627461431447271943009431087497002332005714986600900672678483987980318250610265882711051388008698288508177067527614603891035906268936158771971608274237424016550687427615220098393557669644503760939464260110093854537759363759 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3197e8d67fe6a7bfa450994ee6c4dc8ec200c839 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (201 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'atz.co.in' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'baldwinhomebuyers.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bangkokforvip.com.gunter.realbrilliance.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bitsummoner.com.robopimp.io' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bostonairportcarrental.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'homeinabox.net.50stateshalfmarathonclub.co' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'voodoconcept.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007700a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018c961227b70000040300483046022100e24dffd1877fae15f4f07a8d53285f77c15471f940b4cd038e2e9d3b81c434d9022100d04e61649371bbafefaa3d3e1038594f69078ad03628b21d65e7bed8e884d927007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018c961227c200000403004730450220493a5e443d5e3bfe10165cd38425239939e6747f2300fb7c61151051dc41d07a022100f769a786ff17547ac461639e49ea9da8d7869c81fde98c944acae79d95a950c3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 009aaadd9a83732aefd6c7001c56791d8034ef43b72b3eca92792afc45602df3414725f5e7047ea26144e6b1be1e1b81e2f4123617929050a0a9a1fd5141ab8322d98449ba77bb653db7f29cc777647cae43d455d1bcf4c0366cf5046404c986bbccd32452f59486ad2ea048e95d21c5e70028fc25757ef4bf7ef4bec75fbcef2c33babf7b8def91bf639030fea8d40be1904d9497e8d697b6a26e6e546aaa81a9a7bd6bc386bf67783c147a52bb0abec2319485aa96c173cff8ddee0f8e6439c53aa76af8123358e688b58546b0f210bc8e82fa5e4700459e637dc9af139bc29816dfe1a615cbbec6b5b7c1498d16d13b6b923c8b55e09af0de1624ccc39497fa