baikal.nimag.net
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:b6:6a:47:4d:8e:36:18:1b:f5:2d:ac:92:29:f9:2e:07:55 was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=baikal.nimag.net
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:b6:6a:47:4d:8e:36:18:1b:f5:2d:ac:92:29:f9:2e:07:55Serial Number (int): 323409516968534377240476126742517746894677
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 87:f4:67:38:d8:e6:ad:49:a4:f7:85:c5:32:f8:37:7a:d1:ad:ae:81
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 12:b6:d9:30:19:69:c1:af:4f:8d:f4:7a:d2:6c:86:ce:9c:d1:86:8d
Fingerprint (sha256): 42:31:84:b7:9b:ab:cd:8c:ba:5a:de:b3:00:74:cf:7f:54:a0:17:c7:19:d7:e1:a2:73:de:57:fb:6f:76:34:98
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.org/Check the revocation status for certificate baikal.nimag.net
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for baikal.nimag.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
baikal.nimag.net
Other certificates including the domain name nimag.net
(limited to 100 certificates)
s3.nimag.net
ispmail3.nimag.net
ispmail3.nimag.net
grid.nimag.net
ispmail3.nimag.net
lesjardinsdouchy.ch
baikal.nimag.net
ispmail3.nimag.net
openproject.nimag.net
confluences.ch
nimag.net
ispmail1.nimag.net
ftth.nimag.net
lesjardinsdouchy.ch
cockpit.saitis.net
ispmail1.nimag.net
lesjardinsdouchy.ch
ispmail3.nimag.net
dev.webmail.nimag.net
admin.nimag.net
ispmail3.nimag.net
nimag.net
nimag.net
olympiafilms.com
dev.webmail.nimag.net
*.ssl.nimag.net
s3.nimag.net
s3.nimag.net
isptest1.nimag.net
unifi.nimag.net
www.nimag.net
ispmail3.nimag.net
wiki.nimag.net
ispmail2.nimag.net
extranet.ssl.nimag.net
ispmail2.nimag.net
mailcleanerpro.saitis.net
nimag.net
mail.nimag.net
admin.nimag.net
ispmail2.nimag.net
plesk9.nimag.net
nimag.net
wiki.nimag.net
admin.nimag.net
ispmail1.nimag.net
ispmail3.nimag.net
nimag.net
baikal.nimag.net
baikal.nimag.net
admin.nimag.net
olympiafilms.com
ispmail1.nimag.net
stats.nimag.net
nimag.net
ispmail2.nimag.net
ispmail1.nimag.net
www.nimag.net
nimag.net
bruno.vserver.nimag.net
antispam.nimag.net
b-o-v-arch.ch
olympiafilms.com
extranet.ssl.nimag.net
files.nimag.net
mailcleanerpro.saitis.net
cololausanne.ch
ispmail2.nimag.net
nimag.net
olympiafilms.com
ispmail3.nimag.net
ispmail3.nimag.net
ispmail3.nimag.net
cockpit.saitis.net
meige.ch
baikal.nimag.net
ispmail2.nimag.net
ispmail3.nimag.net
nimag.net
openproject.nimag.net
smtp.nimag.net
antispam.nimag.net
lesjardinsdouchy.ch
extranet.ssl.nimag.net
lesjardinsdouchy.ch
admin.nimag.net
git.nimag.net
baikal.nimag.net
olympiafilms.com
ispmail3.nimag.net
b-o-v-arch.ch
admin.nimag.net
ispmail1.nimag.net
extranet.ssl.nimag.net
nimag.net
bbb.nimag.net
nimag.net
admin.nimag.net
bruno.vserver.nimag.net
nimag.net
ispmail3.nimag.net
ispmail3.nimag.net
grid.nimag.net
ispmail3.nimag.net
lesjardinsdouchy.ch
baikal.nimag.net
ispmail3.nimag.net
openproject.nimag.net
confluences.ch
nimag.net
ispmail1.nimag.net
ftth.nimag.net
lesjardinsdouchy.ch
cockpit.saitis.net
ispmail1.nimag.net
lesjardinsdouchy.ch
ispmail3.nimag.net
dev.webmail.nimag.net
admin.nimag.net
ispmail3.nimag.net
nimag.net
nimag.net
olympiafilms.com
dev.webmail.nimag.net
*.ssl.nimag.net
s3.nimag.net
s3.nimag.net
isptest1.nimag.net
unifi.nimag.net
www.nimag.net
ispmail3.nimag.net
wiki.nimag.net
ispmail2.nimag.net
extranet.ssl.nimag.net
ispmail2.nimag.net
mailcleanerpro.saitis.net
nimag.net
mail.nimag.net
admin.nimag.net
ispmail2.nimag.net
plesk9.nimag.net
nimag.net
wiki.nimag.net
admin.nimag.net
ispmail1.nimag.net
ispmail3.nimag.net
nimag.net
baikal.nimag.net
baikal.nimag.net
admin.nimag.net
olympiafilms.com
ispmail1.nimag.net
stats.nimag.net
nimag.net
ispmail2.nimag.net
ispmail1.nimag.net
www.nimag.net
nimag.net
bruno.vserver.nimag.net
antispam.nimag.net
b-o-v-arch.ch
olympiafilms.com
extranet.ssl.nimag.net
files.nimag.net
mailcleanerpro.saitis.net
cololausanne.ch
ispmail2.nimag.net
nimag.net
olympiafilms.com
ispmail3.nimag.net
ispmail3.nimag.net
ispmail3.nimag.net
cockpit.saitis.net
meige.ch
baikal.nimag.net
ispmail2.nimag.net
ispmail3.nimag.net
nimag.net
openproject.nimag.net
smtp.nimag.net
antispam.nimag.net
lesjardinsdouchy.ch
extranet.ssl.nimag.net
lesjardinsdouchy.ch
admin.nimag.net
git.nimag.net
baikal.nimag.net
olympiafilms.com
ispmail3.nimag.net
b-o-v-arch.ch
admin.nimag.net
ispmail1.nimag.net
extranet.ssl.nimag.net
nimag.net
bbb.nimag.net
nimag.net
admin.nimag.net
bruno.vserver.nimag.net
nimag.net
Certificate
The complete raw certificate details for baikal.nimag.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFBDCCA+ygAwIBAgISA7ZqR02ONhgb9S2skin5LgdVMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjExMDcwMDMwMDBaFw0x NzAyMDUwMDMwMDBaMBsxGTAXBgNVBAMTEGJhaWthbC5uaW1hZy5uZXQwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl9x2XhJ+tBmfySF5QMuKOXkDfWTmb iHiSTz43U1kmJHZUSEDlCbLZAVcw9jNHm9CKfJQaujpsxA20jYj9fKvFE5DjuK03 a0qs+XRyaCLhL2EFYgMCg5zScKD1ZfxoSLUJlE8Ii06yhWRbZwjF8plGfKjKtMM1 peV0hcRp2Q210jO6jd/XWhbGWJsaXa1fSUTkG2mFSf+fQfbRPWQekvqcpNuXyxPY 6Q8bSxABPcZJNeWVyBapT7OY1nxDg7szuClBy6tIsAp+Lmn2NV2iUTKxXQM1QvaY 2zNkdnMPF+f+RYCsgvZZCsgc0G7IJxw1s74IlS9nMkFnyx0au5QbrwFRAgMBAAGj ggIRMIICDTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIf0ZzjY5q1JpPeFxTL4N3rR ra6BMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEB BGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0 Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw dC5vcmcvMBsGA1UdEQQUMBKCEGJhaWthbC5uaW1hZy5uZXQwgf4GA1UdIASB9jCB 8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRw Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENl cnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFy dGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRl IFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0 b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAOR9O1kkawTWmbpozqu8rR6OApAHWvrlu AIsOJvXF9uHP+tLmqDyfQMftCXlJA+rNqTIIrg6jpdvqFt74D5iUlyesVz1oLQYu ZRos3jAxWfL56Hvypexv0yxzUhFDtOzLcM0T8d376RRHSw6G4irhgxqrJZqiUy2L cB1nrDcZTK6AqEwuLf4fRJNFw7btlQyWSun8RdxHllTKj7eYa2/FQP2JBCiYFkgt VvhJJUX4RGLvg1C73+AgjbK5hdkFyZ122VcnLi6I71uHrV13tbRTkSKQn+PbI6oh lweP3orfh/+JuG3O7xPkF5Nwfr5P4Hg1QrGcFpktHDvrsEmg5PTznw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfcdl4SfrQZn8kheUDLi jl5A31k5m4h4kk8+N1NZJiR2VEhA5Qmy2QFXMPYzR5vQinyUGro6bMQNtI2I/Xyr xROQ47itN2tKrPl0cmgi4S9hBWIDAoOc0nCg9WX8aEi1CZRPCItOsoVkW2cIxfKZ RnyoyrTDNaXldIXEadkNtdIzuo3f11oWxlibGl2tX0lE5BtphUn/n0H20T1kHpL6 nKTbl8sT2OkPG0sQAT3GSTXllcgWqU+zmNZ8Q4O7M7gpQcurSLAKfi5p9jVdolEy sV0DNUL2mNszZHZzDxfn/kWArIL2WQrIHNBuyCccNbO+CJUvZzJBZ8sdGruUG68B UQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 323409516968534377240476126742517746894677 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-11-07 00:30:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-02-05 00:30:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'baikal.nimag.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20951177560103997882746197316804278590667407690561247285950637889333050622133499924439139447861617318528557044038998760783820010466814360782160794516589691423891149944799539006165744444887514677968069120809898050875873305776801252688010122780720555996277550161642000646070105856098991158428247970351972441336362536208220323438106062843201562755663001560137633354848707795480718418069047033300725457987983409215392381427032262522059495281634473220004962356338494111880795181939361812092837773777197423967724392330759894301706704911306860558339449999344022667387031774855765302894870018349923653967594357710871201775953 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 87f46738d8e6ad49a4f785c532f8377ad1adae81 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'baikal.nimag.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00391f4ed6491ac135a66e9a33aaef2b47a380a401d6beb96e008b0e26f5c5f6e1cffad2e6a83c9f40c7ed09794903eacda93208ae0ea3a5dbea16def80f98949727ac573d682d062e651a2cde303159f2f9e87bf2a5ec6fd32c73521143b4eccb70cd13f1ddfbe914474b0e86e22ae1831aab259aa2532d8b701d67ac37194cae80a84c2e2dfe1f449345c3b6ed950c964ae9fc45dc479654ca8fb7986b6fc540fd8904289816482d56f8492545f84462ef8350bbdfe0208db2b985d905c99d76d957272e2e88ef5b87ad5d77b5b4539122909fe3db23aa2197078fde8adf87ff89b86dceef13e41793707ebe4fe0783542b19c16992d1c3bebb049a0e4f4f39f