themysticmarigold.com
Issued by R3
About this certificate
This digital certificate with serial number 04:87:da:a8:9f:a9:0e:65:99:c1:26:a5:1f:6d:69:b7:c8:dd was issued on by Let's Encrypt.
With 30 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=themysticmarigold.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:87:da:a8:9f:a9:0e:65:99:c1:26:a5:1f:6d:69:b7:c8:ddSerial Number (int): 394677910508618166728642421597155500738781
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: b8:f7:e7:a8:2d:51:b4:c6:e9:a8:9f:69:62:04:09:a2:72:01:c9:a4
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 75:7b:0e:96:aa:d8:4c:40:87:11:0a:d0:0d:b8:9d:30:c8:fe:d5:fc
Fingerprint (sha256): 43:3e:78:af:9c:59:c5:7b:d4:a3:5c:14:e7:8c:60:8c:14:bc:83:ad:32:79:c4:ac:71:ae:a3:ac:4a:99:75:fc
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate themysticmarigold.com
30
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for themysticmarigold.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
acriminalmind.com
agihybrid.com
coloradosportsmed.com
earthquakeband.com
everyshotmatters.live
gzeira.com
jabsound.com
jafrewa.com
lazarcb.com
leavenaturebe.org
mountainbluesclub.com
poohshundredacrewood.com
prevcovid.com
themysticmarigold.com
www.acriminalmind.com
www.agihybrid.com
www.coloradosportsmed.com
www.earthquakeband.com
www.everyshotmatters.live
www.gzeira.com
www.jabsound.com
www.jafrewa.com
www.lazarcb.com
www.leavenaturebe.org
www.mountainbluesclub.com
www.poohshundredacrewood.com
www.prevcovid.com
www.themysticmarigold.com
www.xn--4dbioaw1b.com
xn--4dbioaw1b.com
agihybrid.com
coloradosportsmed.com
earthquakeband.com
everyshotmatters.live
gzeira.com
jabsound.com
jafrewa.com
lazarcb.com
leavenaturebe.org
mountainbluesclub.com
poohshundredacrewood.com
prevcovid.com
themysticmarigold.com
www.acriminalmind.com
www.agihybrid.com
www.coloradosportsmed.com
www.earthquakeband.com
www.everyshotmatters.live
www.gzeira.com
www.jabsound.com
www.jafrewa.com
www.lazarcb.com
www.leavenaturebe.org
www.mountainbluesclub.com
www.poohshundredacrewood.com
www.prevcovid.com
www.themysticmarigold.com
www.xn--4dbioaw1b.com
xn--4dbioaw1b.com
Other certificates including the domain name themysticmarigold.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for themysticmarigold.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHTTCCBjWgAwIBAgISBIfaqJ+pDmWZwSalH21pt8jdMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA1MDcyMDMzMTRaFw0yNDA4MDUyMDMzMTNaMCAxHjAcBgNVBAMT FXRoZW15c3RpY21hcmlnb2xkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOxLeNRpldpWoNUzb45xZfYppmCgg+AAaRcd7zAVgHOJ8Xop/Pzan24W 9VMNqN5zsxHveDpyOmto3z83CLiGtBxDEzkkjDGfK2of4ZOfVF27IzRhOD6DFT/p UKQvT8qxBu6atnjD7bLNvaHjCFyrME2n8rdCOQf9nGmsE67TpuoarOjKs+luE2oB QkhGn+V9ITkKQq1UEUjRd0hiS75evs1Ig8gW821BtZ6/il2+PHm6ziZv4Hzosf6m fZdq6f5T9b3KYKGy7aVZ84phwGvWcH8imtIQW1O0PW/GdwdwaZtV9dsEir7xj7ff mNPP+7sjIniRuWTwjY/VmvFUq4jB+zECAwEAAaOCBG0wggRpMA4GA1UdDwEB/wQE AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw ADAdBgNVHQ4EFgQUuPfnqC1RtMbpqJ9pYgQJonIByaQwHwYDVR0jBBgwFoAUFC6z F7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVo dHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxl bmNyLm9yZy8wggJzBgNVHREEggJqMIICZoIRYWNyaW1pbmFsbWluZC5jb22CDWFn aWh5YnJpZC5jb22CFWNvbG9yYWRvc3BvcnRzbWVkLmNvbYISZWFydGhxdWFrZWJh bmQuY29tghVldmVyeXNob3RtYXR0ZXJzLmxpdmWCCmd6ZWlyYS5jb22CDGphYnNv dW5kLmNvbYILamFmcmV3YS5jb22CC2xhemFyY2IuY29tghFsZWF2ZW5hdHVyZWJl Lm9yZ4IVbW91bnRhaW5ibHVlc2NsdWIuY29tghhwb29oc2h1bmRyZWRhY3Jld29v ZC5jb22CDXByZXZjb3ZpZC5jb22CFXRoZW15c3RpY21hcmlnb2xkLmNvbYIVd3d3 LmFjcmltaW5hbG1pbmQuY29tghF3d3cuYWdpaHlicmlkLmNvbYIZd3d3LmNvbG9y YWRvc3BvcnRzbWVkLmNvbYIWd3d3LmVhcnRocXVha2ViYW5kLmNvbYIZd3d3LmV2 ZXJ5c2hvdG1hdHRlcnMubGl2ZYIOd3d3Lmd6ZWlyYS5jb22CEHd3dy5qYWJzb3Vu ZC5jb22CD3d3dy5qYWZyZXdhLmNvbYIPd3d3LmxhemFyY2IuY29tghV3d3cubGVh dmVuYXR1cmViZS5vcmeCGXd3dy5tb3VudGFpbmJsdWVzY2x1Yi5jb22CHHd3dy5w b29oc2h1bmRyZWRhY3Jld29vZC5jb22CEXd3dy5wcmV2Y292aWQuY29tghl3d3cu dGhlbXlzdGljbWFyaWdvbGQuY29tghV3d3cueG4tLTRkYmlvYXcxYi5jb22CEXhu LS00ZGJpb2F3MWIuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBQYKKwYBBAHW eQIEAgSB9gSB8wDxAHYAPxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4A AAGPVPmZtAAABAMARzBFAiEAkaNC3PeykVAepO9H/LSxn01mgxTCNtj+sABMJ5Js j7oCICKTtOkJ3ENmBEGRGLHX5DhiXbtCr749wzv1dGz205xSAHcASLDja9qmRzQP 5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGPVPmZwgAABAMASDBGAiEAkOIcg9ul WO1ztEKNfIWJStQ9/zYciOhd0aIhf8M6pEQCIQCwymVUtVdieD6f/FH5jS2PU2Kv gmeaaFTxHK7w6dRloTANBgkqhkiG9w0BAQsFAAOCAQEAYw6XiDTLeigdNd4z2Aeo RpljGSVkEDBwSvdc8qleffFMDNSPhoa3LOOaYT82cuzjnTMpYg1j28X10Br40CQU HlofrtnYIAQ8IrCFVtvPKpppnvmDIa28L6b4kfI5purlyRtMvuUFw9vXwCN9s0vC BgDA9SBNNud8KLHCOmO/RCFnCMqeafQstlX2fI0oyNmFmCpu7CBxdBYDefsvd793 9LSgYIj3OB5uBJlt25q4+3hTmnqkUxvcW4bgqhgiyvgkDb8aN9cJZor0wnFi6Jr8 wCsl/K2fXZtglxJgQk4ttMyeFdPISrt7qC30BRPN0IGW9kZX4ZUUVHhRi1Kn3sxG Gg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Et41GmV2lag1TNvjnFl 9immYKCD4ABpFx3vMBWAc4nxein8/Nqfbhb1Uw2o3nOzEe94OnI6a2jfPzcIuIa0 HEMTOSSMMZ8rah/hk59UXbsjNGE4PoMVP+lQpC9PyrEG7pq2eMPtss29oeMIXKsw Tafyt0I5B/2caawTrtOm6hqs6Mqz6W4TagFCSEaf5X0hOQpCrVQRSNF3SGJLvl6+ zUiDyBbzbUG1nr+KXb48ebrOJm/gfOix/qZ9l2rp/lP1vcpgobLtpVnzimHAa9Zw fyKa0hBbU7Q9b8Z3B3Bpm1X12wSKvvGPt9+Y08/7uyMieJG5ZPCNj9Wa8VSriMH7 MQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 394677910508618166728642421597155500738781 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-07 20:33:14 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-05 20:33:13 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'themysticmarigold.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29829456597911827181497142428507011090756028554181628301843918370407866328916200189461000977763338078717635809457361441055023445331355953917714521495708797240404087668926357158774064881410099603134866466556329132114741537336289055836656425461259339803837136974684775243434928230752882340622449520163258922575443702295178599505943323459878842305912310553232977568545244816097011275213713317719954745857269038439426974837754697982507941893420121370969495804309620933810740393453357126011247867477991255338519725719722432611305510334612035048884461489388792177768131396520820325862147734122101901941840088744870361037617 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) b8f7e7a82d51b4c6e9a89f69620409a27201c9a4 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (618 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'acriminalmind.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agihybrid.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'coloradosportsmed.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'earthquakeband.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'everyshotmatters.live' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gzeira.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jabsound.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jafrewa.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lazarcb.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leavenaturebe.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mountainbluesclub.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'poohshundredacrewood.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prevcovid.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'themysticmarigold.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.acriminalmind.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.agihybrid.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.coloradosportsmed.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.earthquakeband.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.everyshotmatters.live' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gzeira.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jabsound.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jafrewa.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lazarcb.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.leavenaturebe.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mountainbluesclub.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.poohshundredacrewood.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.prevcovid.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.themysticmarigold.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.xn--4dbioaw1b.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xn--4dbioaw1b.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018f54f999b4000004030047304502210091a342dcf7b291501ea4ef47fcb4b19f4d668314c236d8feb0004c27926c8fba02202293b4e909dc436604419118b1d7e438625dbb42afbe3dc33bf5746cf6d39c5200770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018f54f999c2000004030048304602210090e21c83dba558ed73b4428d7c85894ad43dff361c88e85dd1a2217fc33aa444022100b0ca6554b55762783e9ffc51f98d2d8f5362af82679a6854f11caef0e9d465a1 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00630e978834cb7a281d35de33d807a84699631925641030704af75cf2a95e7df14c0cd48f8686b72ce39a613f3672ece39d3329620d63dbc5f5d01af8d024141e5a1faed9d820043c22b08556dbcf2a9a699ef98321adbc2fa6f891f239a6eae5c91b4cbee505c3dbd7c0237db34bc20600c0f5204d36e77c28b1c23a63bf44216708ca9e69f42cb655f67c8d28c8d985982a6eec207174160379fb2f77bf77f4b4a06088f7381e6e04996ddb9ab8fb78539a7aa4531bdc5b86e0aa1822caf8240dbf1a37d709668af4c27162e89afcc02b25fcad9f5d9b60971260424e2db4cc9e15d3c84abb7ba82df40513cdd08196f64657e195145478518b52a7decc461a