allaboutltc.org
Issued by R3
About this certificate
This digital certificate with serial number 03:58:28:e5:4e:c0:1c:de:63:98:59:47:73:7f:13:86:ff:90 was issued on by Let's Encrypt.
With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=allaboutltc.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 03:58:28:e5:4e:c0:1c:de:63:98:59:47:73:7f:13:86:ff:90Serial Number (int): 291336065837384016554792367863992387305360
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 66:38:75:4e:8e:8c:83:3f:96:87:0e:36:86:01:de:e5:6c:91:64:f4
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 0d:2e:40:29:ca:49:1c:f5:f8:32:47:1a:79:f6:c9:8f:5c:99:a1:1f
Fingerprint (sha256): 41:9c:c9:8a:3b:ed:9c:2d:02:67:30:f2:bb:31:26:df:1d:5c:09:48:55:c3:8f:bc:03:9c:54:ac:ba:55:3d:5c
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate allaboutltc.org
12
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for allaboutltc.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
allaboutltc.org
attorneyad.com
dbhenline.com
habitatformonarchs.com
houstonresidentialconstructioncompany.com
oliveduntleyfloristchristmas.com
ruisalgado.com
sandiegomontessorischool.com
settlementannuity.com
truhaiku4u.com
weddingpr.com
www.nusugarunsugar.com
attorneyad.com
dbhenline.com
habitatformonarchs.com
houstonresidentialconstructioncompany.com
oliveduntleyfloristchristmas.com
ruisalgado.com
sandiegomontessorischool.com
settlementannuity.com
truhaiku4u.com
weddingpr.com
www.nusugarunsugar.com
Other certificates including the domain name allaboutltc.org
(limited to 100 certificates)
syllabus.marketing
starband.ca
goldenoldies.ca
starband.ca
starband.ca
allaboutltc.org
allaboutltc.org
allaboutltc.org
tksimplex.cc
fifa.fund
starband.ca
register.cubscoutpack136.org
allaboutltc.org
allaboutltc.org
starband.ca
allaboutltc.org
allaboutltc.org
kiesza.ca
worldofwellness.life
allaboutltc.org
starband.ca
sanus.world
allaboutltc.org
allaboutltc.org
starband.ca
starband.ca
starband.ca
erin-gee.media
parcel2go.co.za
allaboutltc.org
starband.ca
starband.ca
starband.ca
goldenoldies.ca
starband.ca
starband.ca
allaboutltc.org
allaboutltc.org
allaboutltc.org
tksimplex.cc
fifa.fund
starband.ca
register.cubscoutpack136.org
allaboutltc.org
allaboutltc.org
starband.ca
allaboutltc.org
allaboutltc.org
kiesza.ca
worldofwellness.life
allaboutltc.org
starband.ca
sanus.world
allaboutltc.org
allaboutltc.org
starband.ca
starband.ca
starband.ca
erin-gee.media
parcel2go.co.za
allaboutltc.org
starband.ca
starband.ca
Certificate
The complete raw certificate details for allaboutltc.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF8DCCBNigAwIBAgISA1go5U7AHN5jmFlHc38Thv+QMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MjcxMzQzMjNaFw0yNDA3MjYxMzQzMjJaMBoxGDAWBgNVBAMT D2FsbGFib3V0bHRjLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AK3iQvbyRdW9T4hjuYYdiKW4Z7E50Tw97rPyxCnAstMzGhiplUIIckZARBqXPH3V FFrcJDYLkTP7e764nin2ty/0EcaJAfChpPTA9eWkBdCcaBag+k+DR1Lqd96y3Goq FKTwWOZAah3QkFYvAtty4EMjaePrR06CVF17puRATiXfqHemZO+GjHFU5zBZeeHA DBDcJgAJlZkk+wHprl0yxyNIXB/SWMsS2XILZ8c+/gPV3dv3fW/PSjNRllDI9XL2 b7roThZtazo+EKlmYg5gDzNeLW0bOixbcgLZgHg7U0xo9B7XZ5hCIrgcibTDFs4o ihIII1mUMX6j1r89GeWhAZMCAwEAAaOCAxYwggMSMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV HQ4EFgQUZjh1To6Mgz+Whw42hgHe5WyRZPQwHwYDVR0jBBgwFoAUFC6zF7dYVsuu UAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8v cjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9y Zy8wggEeBgNVHREEggEVMIIBEYIPYWxsYWJvdXRsdGMub3Jngg5hdHRvcm5leWFk LmNvbYINZGJoZW5saW5lLmNvbYIWaGFiaXRhdGZvcm1vbmFyY2hzLmNvbYIpaG91 c3RvbnJlc2lkZW50aWFsY29uc3RydWN0aW9uY29tcGFueS5jb22CIG9saXZlZHVu dGxleWZsb3Jpc3RjaHJpc3RtYXMuY29tgg5ydWlzYWxnYWRvLmNvbYIcc2FuZGll Z29tb250ZXNzb3Jpc2Nob29sLmNvbYIVc2V0dGxlbWVudGFubnVpdHkuY29tgg50 cnVoYWlrdTR1LmNvbYINd2VkZGluZ3ByLmNvbYIWd3d3Lm51c3VnYXJ1bnN1Z2Fy LmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA 7wB1AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABjyACw5gAAAQD AEYwRAIgRs68rIu/gQiNL/URQTYRxj9nrH/pOVm9j5GzqAzYK9QCICQVBFyyGVnQ 9T7PzlANJWzaAZByfql2p8oUEM377oxkAHYA3+FW66oFr7WcD4ZxjajAMk6uVtlu p/WlagHRwTu+UlwAAAGPIALEVgAABAMARzBFAiEAv2ctyvZnJPRDPN01bExO6/lf W4ItaW8uDW0gjgVOBtcCIDUGPkKtUR3rapBAUZCpMitmhVoscY2UHYpOXp1vlPA4 MA0GCSqGSIb3DQEBCwUAA4IBAQA50b+b1Pn8x7EHXjffELvz2sRQqDRBksHOUR56 2Vkfi9ckCEKMYe9coX3mq4ZLqRqss3wLDaEE3RxUlU///TkF/0C6Y7/KupXf/YUR h9jz1vJd5JI7Rlro/sBfSk1ahG/QW7+18iOnKDzV40bDWEgSyyBIibPpnyglM8eT amCEhMlRGpUXf+fQeVP17XR7rwevOcfqifGbkgEFqAtmjjoUkShBNfuZBiFnT817 gQ0tkX5PEnAGumeu3mic634tP08v1xcRMb6c8/3Cy7B4mMOpu2wACcj0drX7+lvM b59GWQb2PSzaMsOVx9Lih/aUNpGsiktjLZtOxyZpximtDNbc -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreJC9vJF1b1PiGO5hh2I pbhnsTnRPD3us/LEKcCy0zMaGKmVQghyRkBEGpc8fdUUWtwkNguRM/t7vrieKfa3 L/QRxokB8KGk9MD15aQF0JxoFqD6T4NHUup33rLcaioUpPBY5kBqHdCQVi8C23Lg QyNp4+tHToJUXXum5EBOJd+od6Zk74aMcVTnMFl54cAMENwmAAmVmST7AemuXTLH I0hcH9JYyxLZcgtnxz7+A9Xd2/d9b89KM1GWUMj1cvZvuuhOFm1rOj4QqWZiDmAP M14tbRs6LFtyAtmAeDtTTGj0HtdnmEIiuByJtMMWziiKEggjWZQxfqPWvz0Z5aEB kwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 291336065837384016554792367863992387305360 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-27 13:43:23 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-26 13:43:22 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'allaboutltc.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21950800502933708949818717265123799743340356770772317115371685517338442580658840609985363401887588209662385331103459112111925597160650018556364596648586049725093921028540599304450436379794351619701949391125251612637116501742918793133796610309817631467639457068072007313803664114532500377080241538513706765635473110499473666639815623860081791887756665361190343597016446026004793064741339235949046226805128341915402218916566853197765892759895989783538539369561934108846880207224562957819964324604401179619234553523410806769212440538367629129320988886030666191641760391677828202905664232043054930511119724712419670426003 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 6638754e8e8c833f96870e368601dee56c9164f4 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (277 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'allaboutltc.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'attorneyad.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dbhenline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'habitatformonarchs.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'houstonresidentialconstructioncompany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oliveduntleyfloristchristmas.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ruisalgado.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandiegomontessorischool.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'settlementannuity.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'truhaiku4u.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weddingpr.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nusugarunsugar.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef0075003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018f2002c3980000040300463044022046cebcac8bbf81088d2ff511413611c63f67ac7fe93959bd8f91b3a80cd82bd402202415045cb21959d0f53ecfce500d256cda0190727ea976a7ca1410cdfbee8c64007600dfe156ebaa05afb59c0f86718da8c0324eae56d96ea7f5a56a01d1c13bbe525c0000018f2002c4560000040300473045022100bf672dcaf66724f4433cdd356c4c4eebf95f5b822d696f2e0d6d208e054e06d7022035063e42ad511deb6a90405190a9322b66855a2c718d941d8a4e5e9d6f94f038 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0039d1bf9bd4f9fcc7b1075e37df10bbf3dac450a8344192c1ce511e7ad9591f8bd72408428c61ef5ca17de6ab864ba91aacb37c0b0da104dd1c54954ffffd3905ff40ba63bfcaba95dffd851187d8f3d6f25de4923b465ae8fec05f4a4d5a846fd05bbfb5f223a7283cd5e346c3584812cb204889b3e99f282533c7936a608484c9511a95177fe7d07953f5ed747baf07af39c7ea89f19b920105a80b668e3a1491284135fb990621674fcd7b810d2d917e4f127006ba67aede689ceb7e2d3f4f2fd7171131be9cf3fdc2cbb07898c3a9bb6c0009c8f476b5fbfa5bcc6f9f465906f63d2cda32c395c7d2e287f6943691ac8a4b632d9b4ec72669c629ad0cd6dc