xn--mij-joa.de
Issued by StartCom Class 1 DV Server CA
About this certificate
This digital certificate with serial number 2b:29:69:65:bb:36:fe:6e:de:bc:a9:0e:7f:b6:f3:39 was issued on by StartCom Ltd..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=xn--mij-joa.de
StartCom Ltd.
Organization:
StartCom Ltd.
Organization unit: StartCom Certification Authority
Organization unit: StartCom Certification Authority
Country:
IL
This certificate has expire since
Certificate Details
Serial Number (hex): 2b:29:69:65:bb:36:fe:6e:de:bc:a9:0e:7f:b6:f3:39Serial Number (int): 57371825702944288190855169227558941497
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId: 48:a3:85:18:8f:e2:d7:57:8a:81:7c:5b:6b:05:35:3a:6f:5d:f4:51
AuthorityKeyId: d7:91:4e:01:c4:b0:bf:f8:c8:67:93:44:9c:e7:33:fa:ad:93:0c:af
Fingerprint (sha1): f2:05:58:ae:da:e8:ed:c5:d8:11:b7:9f:c5:aa:41:c1:20:2d:59:89
Fingerprint (sha256): 59:d2:3c:ad:a6:c5:d0:84:a6:ad:b4:4e:e6:5a:cc:87:63:d0:a5:50:0c:61:19:c6:55:be:2d:ac:28:eb:f8:f2
Issuing Certificate URL: http://aia.startssl.com/certs/sca.server1.crt
Revocation information
OCSP Server: http://ocsp.startssl.comCRL Distribution Point: http://crl.startssl.com/sca-server1.crl
Check the revocation status for certificate xn--mij-joa.de
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for xn--mij-joa.de
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
xn--mij-joa.de
www.xn--mij-joa.de
www.xn--mij-joa.de
Other certificates including the domain name xn--mij-joa.de
(limited to 100 certificates)
Certificate
The complete raw certificate details for xn--mij-joa.de in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF7DCCBNSgAwIBAgIQKylpZbs2/m7evKkOf7bzOTANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0 Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MDIxODE3MjYyOVoXDTE3MDIx ODE3MjYyOVowGTEXMBUGA1UEAwwOeG4tLW1pai1qb2EuZGUwggIiMA0GCSqGSIb3 DQEBAQUAA4ICDwAwggIKAoICAQDno3B+8Sm5IhJASeBXi0qaRzTsqZFDpIpUbv2o mB5yUZKr815SLKA6XeaW37NZZLUseaWWWRc9ioiFhizPrkNyKUhyHJFSkib5oHrE pQ/GNCq9jnzWbinTUSaDOCFrihHI7YDLsZfSdgcMCD4d5+F3Sd40gSnMacs3vwBi W+Ju+L3qvcEyIzz60YPHAg7SEzvB40s/1S6ogE3FHK/J9xpEjCcliGqvwDo8s2Ln LbmvxucjXKqYZFM2sMugf0+VKpvz9y2znilu9UEDt/CTOHT8EkCRr+OjfctrYLJf lYqfYCGl78zrZ3DZjOdwWt7P85b8L/z8otc8Er83PIU9PMx13pSYHhcZ7VsZkpeA 0A/CbQreyNmlBmAWWEzPpFDpVnDyyf5aTAJc8W5Ne93fbCwjWfnx5M8Zcv5q6DLk tAnK2PqssmIdZUBdE7Ld5WkRJOmPIcHOAnJGDafnh9v4t9hiIWNVIiLtftVBq1Wz 14Q6BbPs+F5Uq4rHo3tvJNZbUjYb62bGfl+ONE+UPAzYCFBQusQ0+SW0KC+I+ABu TFUbV6dgUFfGiFbGo76zDM9cKSLws9vjTjRbaLr9jwHnSAA7bGG20fPmJOBS+XtX 84mc2F/TowL2K0JZZBmlfAmuMG+lNOixW+3sBAiZvxVR6cthOmCSvd64sdwcDTwZ LHMtNQIDAQABo4IBzzCCAcswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG AQUFBwMCBggrBgEFBQcDATAJBgNVHRMEAjAAMB0GA1UdDgQWBBRIo4UYj+LXV4qB fFtrBTU6b130UTAfBgNVHSMEGDAWgBTXkU4BxLC/+Mhnk0Sc5zP6rZMMrzBvBggr BgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNv bTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc2Nh LnNlcnZlcjEuY3J0MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcnRz c2wuY29tL3NjYS1zZXJ2ZXIxLmNybDAtBgNVHREEJjAkgg54bi0tbWlqLWpvYS5k ZYISd3d3LnhuLS1taWotam9hLmRlMCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3Rh cnRzc2wuY29tLzBQBgNVHSAESTBHMAgGBmeBDAECATA7BgsrBgEEAYG1NwECBDAs MCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJ KoZIhvcNAQELBQADggEBAM8mFpbQ+IgWGVoDRF5qs3qtRmSo7C2rsQ74ulq76wlE kzgUwya44tYsHXBQCG+xt5HTtcosV4bgk3dTdK9ukbuhel7gzhNaMeLUjLLaO0D6 z0yy+Eca5qAZpSo4TxQGp8e0OLTTaC076B2QiQMTde/usHAP6TiCG7qynRSxxhKk dcXg7Q1xpmG4BDYzGmARkRRrw6QoPSHixAQRe4hw/+UzHJpzuonAmvqepPHrevjA qJyepPA9b1DrtJLbwNT6r90dBGfw7x6XHUjwlREUjayUbmnwIKI5bLwtwvfYLjnw neKJiVojoHQr1fkjF6kbDlzaI6CS5eQ6kAu30Ec/ZE0= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA56NwfvEpuSISQEngV4tK mkc07KmRQ6SKVG79qJgeclGSq/NeUiygOl3mlt+zWWS1LHmlllkXPYqIhYYsz65D cilIchyRUpIm+aB6xKUPxjQqvY581m4p01Emgzgha4oRyO2Ay7GX0nYHDAg+Hefh d0neNIEpzGnLN78AYlvibvi96r3BMiM8+tGDxwIO0hM7weNLP9UuqIBNxRyvyfca RIwnJYhqr8A6PLNi5y25r8bnI1yqmGRTNrDLoH9PlSqb8/cts54pbvVBA7fwkzh0 /BJAka/jo33La2CyX5WKn2Ahpe/M62dw2YzncFrez/OW/C/8/KLXPBK/NzyFPTzM dd6UmB4XGe1bGZKXgNAPwm0K3sjZpQZgFlhMz6RQ6VZw8sn+WkwCXPFuTXvd32ws I1n58eTPGXL+augy5LQJytj6rLJiHWVAXROy3eVpESTpjyHBzgJyRg2n54fb+LfY YiFjVSIi7X7VQatVs9eEOgWz7PheVKuKx6N7byTWW1I2G+tmxn5fjjRPlDwM2AhQ ULrENPkltCgviPgAbkxVG1enYFBXxohWxqO+swzPXCki8LPb4040W2i6/Y8B50gA O2xhttHz5iTgUvl7V/OJnNhf06MC9itCWWQZpXwJrjBvpTTosVvt7AQImb8VUenL YTpgkr3euLHcHA08GSxzLTUCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 57371825702944288190855169227558941497 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 1 DV Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-02-18 17:26:29 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-02-18 17:26:29 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'xn--mij-joa.de' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 945002368500007054755368532642928795860532717882969366201845754098459010682992100778612334602391418512916100428133601530202727590990194257885265681778983462056135266085732218156509639613946031693819267486809084826426524148869598914796653808606906665886753406318983289437605775456255120304456998492223132219761781856308786808688873836539750574866119185261701934618317331818651281903284072122217711926268484823823701238666902535749560181442428303305865961329448437425164998291514553488913142845571844537020375483246866347825019517840958595998403365695103939825801044629365152847998699453133923498297228257112158790388998217289083960156465285455732683652327947284924058676547663405742286302586769288433368172133556067300685093846684574679171399217410294426840356323384535270357663942853938644296360336684081605398643540298019897792258461718667955574524653476467930702364853915400693522363934707845352287210407955792475233625326808811687062569695072334386179967842871248161220648801080332512665065959474038428032187852269169065459311222073001513429330145790492276082316317119362599076667482779011730340812830151348854876867269783162428012613593009033484720556860669236640252586988063754735666555588287447321500351067773291834516624846133 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 48a385188fe2d7578a817c5b6b05353a6f5df451 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d7914e01c4b0bff8c86793449ce733faad930caf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sca.server1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sca-server1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xn--mij-joa.de' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.xn--mij-joa.de' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/policy' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00cf261696d0f88816195a03445e6ab37aad4664a8ec2dabb10ef8ba5abbeb0944933814c326b8e2d62c1d7050086fb1b791d3b5ca2c5786e093775374af6e91bba17a5ee0ce135a31e2d48cb2da3b40facf4cb2f8471ae6a019a52a384f1406a7c7b438b4d3682d3be81d9089031375efeeb0700fe938821bbab29d14b1c612a475c5e0ed0d71a661b80436331a601191146bc3a4283d21e2c404117b8870ffe5331c9a73ba89c09afa9ea4f1eb7af8c0a89c9ea4f03d6f50ebb492dbc0d4faafdd1d0467f0ef1e971d48f09511148dac946e69f020a2396cbc2dc2f7d82e39f09de289895a23a0742bd5f92317a91b0e5cda23a092e5e43a900bb7d0473f644d