bo.opacweb.io

Issued by R3

About this certificate

This digital certificate with serial number 04:a7:bb:a2:aa:49:0c:3e:af:27:4b:a4:2a:8b:23:da:70:c0 was issued on by Let's Encrypt.

With 90 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=bo.opacweb.io

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:a7:bb:a2:aa:49:0c:3e:af:27:4b:a4:2a:8b:23:da:70:c0
Serial Number (int): 405525709243937649980170940324397354479808
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 2b:fc:42:14:55:c3:87:ba:fe:2f:0e:d6:af:9e:2b:8b:40:c6:01:d2
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 02:56:80:43:d3:0a:60:56:93:ed:49:0d:67:30:6c:fc:d3:0a:36:18
Fingerprint (sha256): 3f:99:65:11:ad:b1:84:c3:45:94:d8:4c:08:f4:75:9c:48:91:c7:19:23:0f:bd:b8:cc:15:95:d7:98:7c:1d:53

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate bo.opacweb.io

90

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bo.opacweb.io

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

augustins.opacweb.io
bo.opacweb.io
bota-collections.museum-grenoble.fr
botanique-museum-angers.opacweb.io
capc-bordeaux.opacweb.fr
catzarts.beauxartsparis.fr
centrederessources.museedelaposte.fr
charles-negre.opacweb.io
cite-de-la-ceramique.opacweb.io
collection-museumtoulouse.opacweb.io
collections-mba.nancy.fr
collections-musees.cholet.fr
collections-musees.nyon.ch
collections-resistance.limoges.fr
collections.mahn.ch
collections.mba-lyon.fr
collections.mba-pau.opacweb.io
collections.mbaq.fr
collections.musee-art-industrie.saint-etienne.fr
collections.museedelaposte.fr
collections.musees-dunkerque.eu
collections.musees.marseille.fr
collections.museum-grenoble.fr
collections.museum-histoirenaturelle.opacweb.io
collections.museumaquariumdenancy.eu
collections.vallee-aux-loups.hauts-de-seine.fr
collectionsmusees.vaucluse.fr
collectionspatrimoniales.monnaiedeparis.fr
demo.opacweb.io
documentation-sarreguemines.opacweb.io
documentationmusees.vaucluse.fr
dulama.opacweb.io
ensba.opacweb.io
espacebrassens.ville-sete.opacweb.io
ferudessciences.opacweb.io
geologie-museum-angers.opacweb.io
mba-pau.opacweb.fr
mhc-opacweb.lille.fr
mian-anatole-jakovsky.opacweb.io
min-collections.museum-grenoble.fr
mobydoc.opacweb.fr
modydev.opacweb.io
musba-bordeaux-bibliotheque.opacweb.fr
musba-bordeaux.opacweb.fr
musee-antoine-vivenel.opacweb.fr
musee-aquitaine.opacweb.fr
musee-breton-oai.finistere.fr
musee-breton.finistere.fr
musee-carouge.opacweb.io
musee-cheret.opacweb.io
musee-cimiez.opacweb.io
musee-de-la-figurine-historique-compiegne.opacweb.fr
musee-des-arts-anciens.collections.opacweb.io
musee-evreux.opacweb.io
musee-goupil.opacweb.fr
musee-leondierx.opacweb.io
musee-massena.opacweb.io
musee-matisse.opacweb.io
musee-test.opacweb.io
musee-villele.opacweb.io
museeducheval.opacweb.io
museenouvellecaledonie-collections.gouv.nc
museenouvellecaledonie-ipkd.gouv.nc
musees.aude.opacweb.io
musees.boulognebillancourt.com
musees.ville-poissy.fr
museesaintquentinenyvelines.opacweb.io
museeseburomagus.aude.opacweb.io
museespetiet.aude.opacweb.io
museum-angers.opacweb.io
museum.auxerre.fr
museumtoulouse.opacweb.io
ow-mba.angers.fr
palais-lascaris.opacweb.io
paleo-collections.museum-grenoble.fr
pba-opacweb.lille.fr
peterboroughmuseum.opacweb.io
prehistoire-museum-angers.opacweb.io
provincedenamur-collection.opacweb.fr
sarreguemines-museum.opacweb.io
terra-amata.opacweb.io
www.augustins.org
www.collections-musee-rops.be
www.collections.musee-art-industrie.saint-etienne.fr
www.lemiv.fr
www.memoire14-45.eu
www.musee-conde.fr
www.museegoya.fr
www.sarreguemines-museum.fr
zoo-collections.museum-grenoble.fr

Other certificates including the domain name opacweb.io

(limited to 100 certificates)
bo.opacweb.io
bo.opacweb.io
bo.opacweb.io

Certificate

The complete raw certificate details for bo.opacweb.io in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIPbTCCDlWgAwIBAgISBKe7oqpJDD6vJ0ukKosj2nDAMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA1MjMwOTQ3MjZaFw0yNDA4MjEwOTQ3MjVaMBgxFjAUBgNVBAMT
DWJvLm9wYWN3ZWIuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH
ri4vqt64C3HRBQm7/SgX59ztZKqVGJOhXLLQ4wcVwsOdAjSc4Dzy1vVnZhthBrJh
q8fSoOrXaqMW1mc8gI4nu5O4OMxwszYpdsgJzSiE0CLLEafScXPAl1d3UcUgZV/b
UB8hYLHyPUzsiGocbz5Qx8kVvnNcsUHt73GDXTlL8bISiBoonwhPu/a1Mil5ELB9
/D1GM8DCiMJJ6sYcorZBLCJgsNLh2c+Wxaz907HiNJhh8T3JlXxnRpDODpbfwrES
Dm79OG/3ijNkAj8DNh2BrzD8XsBkzznL/1jOu+xj0VmCCgHs42KtzCtFN6RD/Qnj
Ohv9IdhyR2oTXl4BxW3dAgMBAAGjggyVMIIMkTAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFCv8QhRVw4e6/i8O1q+eK4tAxgHSMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MIIKngYDVR0RBIIKlTCCCpGCFGF1Z3VzdGlucy5vcGFjd2ViLmlvgg1iby5vcGFj
d2ViLmlvgiNib3RhLWNvbGxlY3Rpb25zLm11c2V1bS1ncmVub2JsZS5mcoIiYm90
YW5pcXVlLW11c2V1bS1hbmdlcnMub3BhY3dlYi5pb4IYY2FwYy1ib3JkZWF1eC5v
cGFjd2ViLmZyghpjYXR6YXJ0cy5iZWF1eGFydHNwYXJpcy5mcoIkY2VudHJlZGVy
ZXNzb3VyY2VzLm11c2VlZGVsYXBvc3RlLmZyghhjaGFybGVzLW5lZ3JlLm9wYWN3
ZWIuaW+CH2NpdGUtZGUtbGEtY2VyYW1pcXVlLm9wYWN3ZWIuaW+CJGNvbGxlY3Rp
b24tbXVzZXVtdG91bG91c2Uub3BhY3dlYi5pb4IYY29sbGVjdGlvbnMtbWJhLm5h
bmN5LmZyghxjb2xsZWN0aW9ucy1tdXNlZXMuY2hvbGV0LmZyghpjb2xsZWN0aW9u
cy1tdXNlZXMubnlvbi5jaIIhY29sbGVjdGlvbnMtcmVzaXN0YW5jZS5saW1vZ2Vz
LmZyghNjb2xsZWN0aW9ucy5tYWhuLmNoghdjb2xsZWN0aW9ucy5tYmEtbHlvbi5m
coIeY29sbGVjdGlvbnMubWJhLXBhdS5vcGFjd2ViLmlvghNjb2xsZWN0aW9ucy5t
YmFxLmZygjBjb2xsZWN0aW9ucy5tdXNlZS1hcnQtaW5kdXN0cmllLnNhaW50LWV0
aWVubmUuZnKCHWNvbGxlY3Rpb25zLm11c2VlZGVsYXBvc3RlLmZygh9jb2xsZWN0
aW9ucy5tdXNlZXMtZHVua2VycXVlLmV1gh9jb2xsZWN0aW9ucy5tdXNlZXMubWFy
c2VpbGxlLmZygh5jb2xsZWN0aW9ucy5tdXNldW0tZ3Jlbm9ibGUuZnKCL2NvbGxl
Y3Rpb25zLm11c2V1bS1oaXN0b2lyZW5hdHVyZWxsZS5vcGFjd2ViLmlvgiRjb2xs
ZWN0aW9ucy5tdXNldW1hcXVhcml1bWRlbmFuY3kuZXWCLmNvbGxlY3Rpb25zLnZh
bGxlZS1hdXgtbG91cHMuaGF1dHMtZGUtc2VpbmUuZnKCHWNvbGxlY3Rpb25zbXVz
ZWVzLnZhdWNsdXNlLmZygipjb2xsZWN0aW9uc3BhdHJpbW9uaWFsZXMubW9ubmFp
ZWRlcGFyaXMuZnKCD2RlbW8ub3BhY3dlYi5pb4ImZG9jdW1lbnRhdGlvbi1zYXJy
ZWd1ZW1pbmVzLm9wYWN3ZWIuaW+CH2RvY3VtZW50YXRpb25tdXNlZXMudmF1Y2x1
c2UuZnKCEWR1bGFtYS5vcGFjd2ViLmlvghBlbnNiYS5vcGFjd2ViLmlvgiRlc3Bh
Y2VicmFzc2Vucy52aWxsZS1zZXRlLm9wYWN3ZWIuaW+CGmZlcnVkZXNzY2llbmNl
cy5vcGFjd2ViLmlvgiFnZW9sb2dpZS1tdXNldW0tYW5nZXJzLm9wYWN3ZWIuaW+C
Em1iYS1wYXUub3BhY3dlYi5mcoIUbWhjLW9wYWN3ZWIubGlsbGUuZnKCIG1pYW4t
YW5hdG9sZS1qYWtvdnNreS5vcGFjd2ViLmlvgiJtaW4tY29sbGVjdGlvbnMubXVz
ZXVtLWdyZW5vYmxlLmZyghJtb2J5ZG9jLm9wYWN3ZWIuZnKCEm1vZHlkZXYub3Bh
Y3dlYi5pb4ImbXVzYmEtYm9yZGVhdXgtYmlibGlvdGhlcXVlLm9wYWN3ZWIuZnKC
GW11c2JhLWJvcmRlYXV4Lm9wYWN3ZWIuZnKCIG11c2VlLWFudG9pbmUtdml2ZW5l
bC5vcGFjd2ViLmZyghptdXNlZS1hcXVpdGFpbmUub3BhY3dlYi5mcoIdbXVzZWUt
YnJldG9uLW9haS5maW5pc3RlcmUuZnKCGW11c2VlLWJyZXRvbi5maW5pc3RlcmUu
ZnKCGG11c2VlLWNhcm91Z2Uub3BhY3dlYi5pb4IXbXVzZWUtY2hlcmV0Lm9wYWN3
ZWIuaW+CF211c2VlLWNpbWllei5vcGFjd2ViLmlvgjRtdXNlZS1kZS1sYS1maWd1
cmluZS1oaXN0b3JpcXVlLWNvbXBpZWduZS5vcGFjd2ViLmZygi1tdXNlZS1kZXMt
YXJ0cy1hbmNpZW5zLmNvbGxlY3Rpb25zLm9wYWN3ZWIuaW+CF211c2VlLWV2cmV1
eC5vcGFjd2ViLmlvghdtdXNlZS1nb3VwaWwub3BhY3dlYi5mcoIabXVzZWUtbGVv
bmRpZXJ4Lm9wYWN3ZWIuaW+CGG11c2VlLW1hc3NlbmEub3BhY3dlYi5pb4IYbXVz
ZWUtbWF0aXNzZS5vcGFjd2ViLmlvghVtdXNlZS10ZXN0Lm9wYWN3ZWIuaW+CGG11
c2VlLXZpbGxlbGUub3BhY3dlYi5pb4IYbXVzZWVkdWNoZXZhbC5vcGFjd2ViLmlv
giptdXNlZW5vdXZlbGxlY2FsZWRvbmllLWNvbGxlY3Rpb25zLmdvdXYubmOCI211
c2Vlbm91dmVsbGVjYWxlZG9uaWUtaXBrZC5nb3V2Lm5jghZtdXNlZXMuYXVkZS5v
cGFjd2ViLmlvgh5tdXNlZXMuYm91bG9nbmViaWxsYW5jb3VydC5jb22CFm11c2Vl
cy52aWxsZS1wb2lzc3kuZnKCJm11c2Vlc2FpbnRxdWVudGluZW55dmVsaW5lcy5v
cGFjd2ViLmlvgiBtdXNlZXNlYnVyb21hZ3VzLmF1ZGUub3BhY3dlYi5pb4IcbXVz
ZWVzcGV0aWV0LmF1ZGUub3BhY3dlYi5pb4IYbXVzZXVtLWFuZ2Vycy5vcGFjd2Vi
LmlvghFtdXNldW0uYXV4ZXJyZS5mcoIZbXVzZXVtdG91bG91c2Uub3BhY3dlYi5p
b4IQb3ctbWJhLmFuZ2Vycy5mcoIacGFsYWlzLWxhc2NhcmlzLm9wYWN3ZWIuaW+C
JHBhbGVvLWNvbGxlY3Rpb25zLm11c2V1bS1ncmVub2JsZS5mcoIUcGJhLW9wYWN3
ZWIubGlsbGUuZnKCHXBldGVyYm9yb3VnaG11c2V1bS5vcGFjd2ViLmlvgiRwcmVo
aXN0b2lyZS1tdXNldW0tYW5nZXJzLm9wYWN3ZWIuaW+CJXByb3ZpbmNlZGVuYW11
ci1jb2xsZWN0aW9uLm9wYWN3ZWIuZnKCH3NhcnJlZ3VlbWluZXMtbXVzZXVtLm9w
YWN3ZWIuaW+CFnRlcnJhLWFtYXRhLm9wYWN3ZWIuaW+CEXd3dy5hdWd1c3RpbnMu
b3Jngh13d3cuY29sbGVjdGlvbnMtbXVzZWUtcm9wcy5iZYI0d3d3LmNvbGxlY3Rp
b25zLm11c2VlLWFydC1pbmR1c3RyaWUuc2FpbnQtZXRpZW5uZS5mcoIMd3d3Lmxl
bWl2LmZyghN3d3cubWVtb2lyZTE0LTQ1LmV1ghJ3d3cubXVzZWUtY29uZGUuZnKC
EHd3dy5tdXNlZWdveWEuZnKCG3d3dy5zYXJyZWd1ZW1pbmVzLW11c2V1bS5mcoIi
em9vLWNvbGxlY3Rpb25zLm11c2V1bS1ncmVub2JsZS5mcjATBgNVHSAEDDAKMAgG
BmeBDAECATCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AO7N0GTV2xrOxVy3nbTN
E6Iyh0Z8vOzew1FIWUZxH7WbAAABj6UQFxcAAAQDAEYwRAIgayHOqC9QhAKe3tux
arXugVid4Eb0KEp9gcQHOu1NkXACIE9L4cMy8+q4wx+cG/qhQxQ1A2Mynu6ml0PY
LSzrqIqDAHUA3+FW66oFr7WcD4ZxjajAMk6uVtlup/WlagHRwTu+UlwAAAGPpRAX
ywAABAMARjBEAiAy/BdRAqeUjX3uyDrGEeTOC3bg1hkXEGUJ8uCO4o8zKwIgQoXU
OlskZu4CcJ8Y7N1qOStVEw9qAAgQEmljnBEhnWwwDQYJKoZIhvcNAQELBQADggEB
ABR8N/RyCfRUYVkZgrco3lgigCgAKFc0jM7ZMiwAehRSceeGQkScP55O/+hGEgn4
eiHkEFGSxBppHISY4LIWukd/dm0J2XJkZIGZtKu0GLRCHCfnNvUWEPFvq2XHY9mA
fuahektiz+hQtAA0NtmAk6c7je5SM8CzTk4qTi09gXphLvqUXndlKDlZg2lgy3t4
WfVvFfvwgm/4WBicAWX1cKHkL+VdvAIJ9BaJPIBDIgMrpCv+TV3sbVk8FPzKQLGo
Qf99CHmvns2dO2V5DHODxCusELO61wOFMR5Vlds5IGQsYjybUdjMQvk7c0F8sXlX
TzxQBs6VLnaRi3xb8g/KzVw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx64uL6reuAtx0QUJu/0o
F+fc7WSqlRiToVyy0OMHFcLDnQI0nOA88tb1Z2YbYQayYavH0qDq12qjFtZnPICO
J7uTuDjMcLM2KXbICc0ohNAiyxGn0nFzwJdXd1HFIGVf21AfIWCx8j1M7IhqHG8+
UMfJFb5zXLFB7e9xg105S/GyEogaKJ8IT7v2tTIpeRCwffw9RjPAwojCSerGHKK2
QSwiYLDS4dnPlsWs/dOx4jSYYfE9yZV8Z0aQzg6W38KxEg5u/Thv94ozZAI/AzYd
ga8w/F7AZM85y/9YzrvsY9FZggoB7ONircwrRTekQ/0J4zob/SHYckdqE15eAcVt
3QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 405525709243937649980170940324397354479808
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-23 09:47:26 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-21 09:47:25 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bo.opacweb.io'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25207314252029503777468057749581910129311691599979707365060603401644529690597118179520721124328836409065075139124675790765060180324391502867555855779591803885053030671440291263752109094201769890033871205788638169626061676388860726177355139408192638378282375204300572373267937492220485438526047547553811547691159050824900428297835120507356503071096860378749002390186015655682577776837063741011547957426807843931460109480217306021968553191833947529150277825220504213534108552308093213938834517482009962993589176217306365915886669702987367045309183645140732299803195556922550921313893547754348521543777123279843048648157
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2bfc421455c387bafe2f0ed6af9e2b8b40c601d2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2709 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'augustins.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bo.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bota-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'botanique-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'capc-bordeaux.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'catzarts.beauxartsparis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'centrederessources.museedelaposte.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'charles-negre.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cite-de-la-ceramique.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collection-museumtoulouse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-mba.nancy.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-musees.cholet.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-musees.nyon.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-resistance.limoges.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mahn.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mba-lyon.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mba-pau.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mbaq.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musee-art-industrie.saint-etienne.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museedelaposte.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musees-dunkerque.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musees.marseille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museum-histoirenaturelle.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museumaquariumdenancy.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.vallee-aux-loups.hauts-de-seine.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collectionsmusees.vaucluse.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collectionspatrimoniales.monnaiedeparis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'demo.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'documentation-sarreguemines.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'documentationmusees.vaucluse.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dulama.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ensba.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'espacebrassens.ville-sete.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ferudessciences.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geologie-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mba-pau.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mhc-opacweb.lille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mian-anatole-jakovsky.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'min-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobydoc.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'modydev.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musba-bordeaux-bibliotheque.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musba-bordeaux.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-antoine-vivenel.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-aquitaine.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-breton-oai.finistere.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-breton.finistere.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-carouge.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-cheret.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-cimiez.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-de-la-figurine-historique-compiegne.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-des-arts-anciens.collections.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-evreux.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-goupil.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-leondierx.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-massena.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-matisse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-test.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-villele.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museeducheval.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museenouvellecaledonie-collections.gouv.nc'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museenouvellecaledonie-ipkd.gouv.nc'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.boulognebillancourt.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.ville-poissy.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museesaintquentinenyvelines.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museeseburomagus.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museespetiet.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museum.auxerre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museumtoulouse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ow-mba.angers.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'palais-lascaris.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paleo-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pba-opacweb.lille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'peterboroughmuseum.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prehistoire-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provincedenamur-collection.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sarreguemines-museum.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'terra-amata.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.augustins.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.collections-musee-rops.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.collections.musee-art-industrie.saint-etienne.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lemiv.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.memoire14-45.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.musee-conde.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.museegoya.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sarreguemines-museum.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zoo-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes)
							00ee007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018fa5101717000004030046304402206b21cea82f5084029ededbb16ab5ee81589de046f4284a7d81c4073aed4d917002204f4be1c332f3eab8c31f9c1bfaa14314350363329eeea69743d82d2ceba88a83007500dfe156ebaa05afb59c0f86718da8c0324eae56d96ea7f5a56a01d1c13bbe525c0000018fa51017cb0000040300463044022032fc175102a7948d7deec83ac611e4ce0b76e0d61917106509f2e08ee28f332b02204285d43a5b2466ee02709f18ecdd6a392b55130f6a0008101269639c11219d6c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00147c37f47209f45461591982b728de58228028002857348cced9322c007a145271e78642449c3f9e4effe8461209f87a21e4105192c41a691c8498e0b216ba477f766d09d97264648199b4abb418b4421c27e736f51610f16fab65c763d9807ee6a17a4b62cfe850b4003436d98093a73b8dee5233c0b34e4e2a4e2d3d817a612efa945e7765283959836960cb7b7859f56f15fbf0826ff858189c0165f570a1e42fe55dbc0209f416893c804322032ba42bfe4d5dec6d593c14fcca40b1a841ff7d0879af9ecd9d3b65790c7383c42bac10b3bad70385311e5595db3920642c623c9b51d8cc42f93b73417cb179574f3c5006ce952e76918b7c5bf20fcacd5c