donate.demandaplan.org

Issued by R3

About this certificate

This digital certificate with serial number 03:bd:56:c6:22:eb:bc:98:dc:a6:a0:9c:97:cd:ff:8f:f7:60 was issued on by Let's Encrypt.

With 31 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=donate.demandaplan.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:bd:56:c6:22:eb:bc:98:dc:a6:a0:9c:97:cd:ff:8f:f7:60
Serial Number (int): 325765567534032514890963942842514839435104
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: cc:86:66:75:9c:bd:20:5b:e5:ad:99:39:31:19:ad:d2:6d:37:c4:77
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): d1:d4:c0:94:e9:a3:74:52:6a:51:39:e4:1a:6e:9c:d2:9e:2a:61:c2
Fingerprint (sha256): 5b:bc:dd:cf:26:13:c5:3a:b8:b8:a4:8d:96:da:e3:e0:d7:ca:d0:8d:83:e3:44:e5:8a:a6:ac:4e:2d:0c:21:aa

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate donate.demandaplan.org

31

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for donate.demandaplan.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

act-cftest.moveon.org
act.abwt.org
act.bcndp.ca
act.berniesanders.com
act.bowmanforcongress.com
act.chrismurphy.com
act.colorofchange.org
act.colorofchangepac.org
act.coribush.org
act.democratic-strategy.org
act.evergreenaction.com
act.forwardtn.org
act.gunsensevoter.org
act.moveon.org
act.novoteleftbehindpac.com
act.presente.org
act.presenteaction.org
act.protectvoting.org
act.wedefendthevote.org
act.zakforcongress.com
action.wemove.eu
donate.demandaplan.org
go.bobcasey.com
go.giffords.org
go.nationalnursesunited.org
go.nnu.org
www.crisisresponse.us
www.impeach.org
www.nowarwithiran.org
www.savethepostoffice.net
www.trumpisnotabovethelaw.org

Other certificates including the domain name demandaplan.org

(limited to 100 certificates)
www-default.actionkit.com
act.johnfetterman.com
act.progressiowa.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.boldprogressives.org
www-default.actionkit.com
action.314actionfund.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.ilhanomar.com
www-default.actionkit.com
act.dirtroaddems.com
www-default.actionkit.com
www-default.actionkit.com
act.ourrevolution.com
www-default.actionkit.com
act.progressnownm.org
peoplesmillion.whitehelmets.org
www-default.actionkit.com
www-default.actionkit.com
act.colorofchange.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.elizabethwarren.com
act.campaigntoendqualifiedimmunity.org
action.pollinis.org
www-default.actionkit.com
www-default.actionkit.com
act.jamieraskin.com
www-default.actionkit.com
donate.demandaplan.org
act.progressnc.org
act.gunsensevoter.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.realjusticepac.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.powerthepolls.org
www-default.actionkit.com
act.forarpeople.org
act.pirg.org
act.abwt.org
www-default.actionkit.com
act.progressga.org
www-default.actionkit.com
act.defendvotingrights.org
action.futuredems.org
www-default.actionkit.com
www-default.actionkit.com
action.futuredems.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.cutcruz.com
go.tonyevers.com
act.beaherofund.com
www-default.actionkit.com
act.hillharper.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.nuestropac.com
www.demandaplan.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com
act.electdemocraticwomen.org
www-default.actionkit.com
www-default.actionkit.com
act.whitehelmets.org
act.bcndp.ca
www-default.actionkit.com
www.nowarwithiran.org
act.sumofus.org
www-default.actionkit.com
www-default.actionkit.com
www-default.actionkit.com

Certificate

The complete raw certificate details for donate.demandaplan.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIkTCCB3mgAwIBAgISA71WxiLrvJjcpqCcl83/j/dgMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMDUyMjMxMzVaFw0yNDAzMDQyMjMxMzRaMCExHzAdBgNVBAMT
FmRvbmF0ZS5kZW1hbmRhcGxhbi5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDIg9TehwrZPmTn3IqHIF6vs2jCFWbjOjSD5zkY26U0Nzx5/3zMvNXi
/O47ohAHCzWp4OO9UPE2BuUeYJyEsZqehvutJHNXWxk0MGW7mCvGe2ZGu1wIsVa+
cBw/fG5eHDEbGvJyDwaYLu3oXxV7p4NREX4BluYDYrOeI5qTG8BHyCGL4qH8C3Zt
cwpKRnY8rQxTeyKgEQksK/cszuucvwWR6iXQtBMTfev6cdf7S33w5ZdKFDTIpW/B
l9WIns9hAIjK4L57ObM+WjOZi0Ai4UaNs25PunjP8D2XDe8aJaob2M4/HWabXVoO
yBU4H7Va0eVqajkHjEVk4NGqHRL7wpldcInuUjdyscrgURwPXKd8HROMZV7/t9YH
G5OvDl1EkdvJTNSGuDER4Nal1DEbjyNcFaNYXv03keAyfPT1wtewM2F7AWwINO8a
neOqo7LjPOXnrnBNBxodp2unzYwj8GHgJNvgJXF109rPW5VfHWvM2S2zP/MSu6YT
SAWY5a/XFIZp5yTdbsW66/vTm+7n7KSduJAy2DiTuF19XoHY4wjtwQFhy2cqEXsV
T3vwf6W8/b3m3ATNKI4aaUOlsQatngdtKgr43ue3ldDJYBJ/aYndHIAJ0BLG8Tw3
G52OUmgjNpGawFszR7d2NykMDEYC0QyajYryMs2JV7W3vdVOBAZJnQIDAQABo4IE
sDCCBKwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTMhmZ1nL0gW+WtmTkxGa3SbTfE
dzAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJ
MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcw
AoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzCCArcGA1UdEQSCAq4wggKqghVhY3Qt
Y2Z0ZXN0Lm1vdmVvbi5vcmeCDGFjdC5hYnd0Lm9yZ4IMYWN0LmJjbmRwLmNhghVh
Y3QuYmVybmllc2FuZGVycy5jb22CGWFjdC5ib3dtYW5mb3Jjb25ncmVzcy5jb22C
E2FjdC5jaHJpc211cnBoeS5jb22CFWFjdC5jb2xvcm9mY2hhbmdlLm9yZ4IYYWN0
LmNvbG9yb2ZjaGFuZ2VwYWMub3JnghBhY3QuY29yaWJ1c2gub3JnghthY3QuZGVt
b2NyYXRpYy1zdHJhdGVneS5vcmeCF2FjdC5ldmVyZ3JlZW5hY3Rpb24uY29tghFh
Y3QuZm9yd2FyZHRuLm9yZ4IVYWN0Lmd1bnNlbnNldm90ZXIub3Jngg5hY3QubW92
ZW9uLm9yZ4IbYWN0Lm5vdm90ZWxlZnRiZWhpbmRwYWMuY29tghBhY3QucHJlc2Vu
dGUub3JnghZhY3QucHJlc2VudGVhY3Rpb24ub3JnghVhY3QucHJvdGVjdHZvdGlu
Zy5vcmeCF2FjdC53ZWRlZmVuZHRoZXZvdGUub3JnghZhY3QuemFrZm9yY29uZ3Jl
c3MuY29tghBhY3Rpb24ud2Vtb3ZlLmV1ghZkb25hdGUuZGVtYW5kYXBsYW4ub3Jn
gg9nby5ib2JjYXNleS5jb22CD2dvLmdpZmZvcmRzLm9yZ4IbZ28ubmF0aW9uYWxu
dXJzZXN1bml0ZWQub3Jnggpnby5ubnUub3JnghV3d3cuY3Jpc2lzcmVzcG9uc2Uu
dXOCD3d3dy5pbXBlYWNoLm9yZ4IVd3d3Lm5vd2Fyd2l0aGlyYW4ub3Jnghl3d3cu
c2F2ZXRoZXBvc3RvZmZpY2UubmV0gh13d3cudHJ1bXBpc25vdGFib3ZldGhlbGF3
Lm9yZzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA
8AB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjDxSmeAAAAQD
AEYwRAIge3PUhaGSEWLBCtVem5re2Jk3KuXO6DGYWstMGnOfjqwCIEL2jNHrGpIB
1XpKUMpEfw15skNdLL1sa0e9dlQYiOiRAHcAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp
3GhCCp/mZ0xaOnQAAAGMPFKaJwAABAMASDBGAiEAsFC/x7IXDXvg+oFP7N7OaF+G
9ixRMIuFcr304wQot3gCIQCvgGsfy7Hq3OXAWsDJ25//5fu98qQKR109tfjc5Fog
QTANBgkqhkiG9w0BAQsFAAOCAQEAknwxb8cpdoiDfwfKLyhEBq3EEQmxl1+4ZoSS
7i55dlRdy9oJnjMm5+LidPPhmwvXSKBpgZ7G3ejsZMm0S0pkHDfryWGu8FOHIXk0
E2PmqzjaCETuINqK+18MOF7Lz/n/kst4U6mmd+PHvwWZS211UP9a6ehDInUlX95R
R3+OepR6bA0bf/z505kuAufYC+MB1q6td3BH0ySbjfxJqbTwby/f7jBWhiKq1zHt
/7PN13zcFkJoiqF1gDLN88P9AFTL4E6i1StzSEIFQYRC5Hi2fZ4Ik1LJmnSL7a1Y
5PxBv0Rt52wGy1/xdmtMVPDXgouC84MOwCcCVWmjkiu8Xi4PnA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIPU3ocK2T5k59yKhyBe
r7NowhVm4zo0g+c5GNulNDc8ef98zLzV4vzuO6IQBws1qeDjvVDxNgblHmCchLGa
nob7rSRzV1sZNDBlu5grxntmRrtcCLFWvnAcP3xuXhwxGxrycg8GmC7t6F8Ve6eD
URF+AZbmA2KzniOakxvAR8ghi+Kh/At2bXMKSkZ2PK0MU3sioBEJLCv3LM7rnL8F
keol0LQTE33r+nHX+0t98OWXShQ0yKVvwZfViJ7PYQCIyuC+ezmzPlozmYtAIuFG
jbNuT7p4z/A9lw3vGiWqG9jOPx1mm11aDsgVOB+1WtHlamo5B4xFZODRqh0S+8KZ
XXCJ7lI3crHK4FEcD1ynfB0TjGVe/7fWBxuTrw5dRJHbyUzUhrgxEeDWpdQxG48j
XBWjWF79N5HgMnz09cLXsDNhewFsCDTvGp3jqqOy4zzl565wTQcaHadrp82MI/Bh
4CTb4CVxddPaz1uVXx1rzNktsz/zErumE0gFmOWv1xSGaeck3W7Fuuv705vu5+yk
nbiQMtg4k7hdfV6B2OMI7cEBYctnKhF7FU978H+lvP295twEzSiOGmlDpbEGrZ4H
bSoK+N7nt5XQyWASf2mJ3RyACdASxvE8NxudjlJoIzaRmsBbM0e3djcpDAxGAtEM
mo2K8jLNiVe1t73VTgQGSZ0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 325765567534032514890963942842514839435104
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 22:31:35 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-04 22:31:34 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'donate.demandaplan.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 818029695168819239078920859815602873702805059260146297853582161377319858148232174318271480801008851482077930036961747175605836194364236561168149257939282346364841817383863362164025161106867817304805097424822271791782255130131981925253598201795426003207471310528210284452235104471632744705481084706683206640032807648768368052914687761242303123231885769058848971010601621101240759477148009487416032884230960823223516122047103897819458239603949217534519135948442364712179181500662600331784195713891901631944865135616146912420917178205408560502272190865775411018759982237003641030894802209569420223610040343550952409661629321367007856340510310704465460309754522887924758737374647857342410609079093678196466000547738718787995118024692565562219325958968831196116064711873517213154437451968168472931152952983424609460773043308671614781817514609358422006239024349975407000587248515837531024408252310694708703770305468381954580092197005094962839827804397843161686939009641977550888114920756169146025564169975001371059219715897099284600217246647844897017772312821639623515128080881847771287130191016575632321665025905456642089052724415309120767532660218547941698992538304217418068697358848317433842359609699548325291376262229865479323670432157
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cc8666759cbd205be5ad99393119add26d37c477
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (686 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act-cftest.moveon.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.abwt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.bcndp.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.berniesanders.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.bowmanforcongress.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.chrismurphy.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.colorofchange.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.colorofchangepac.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.coribush.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.democratic-strategy.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.evergreenaction.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.forwardtn.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.gunsensevoter.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.moveon.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.novoteleftbehindpac.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.presente.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.presenteaction.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.protectvoting.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.wedefendthevote.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.zakforcongress.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'action.wemove.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'donate.demandaplan.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.bobcasey.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.giffords.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.nationalnursesunited.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.nnu.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.crisisresponse.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.impeach.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nowarwithiran.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.savethepostoffice.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.trumpisnotabovethelaw.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c3c5299e0000004030046304402207b73d485a1921162c10ad55e9b9aded899372ae5cee831985acb4c1a739f8eac022042f68cd1eb1a9201d57a4a50ca447f0d79b2435d2cbd6c6b47bd76541888e89100770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c3c529a270000040300483046022100b050bfc7b2170d7be0fa814fecdece685f86f62c51308b8572bdf4e30428b778022100af806b1fcbb1eadce5c05ac0c9db9fffe5fbbdf2a40a475d3db5f8dce45a2041
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00927c316fc7297688837f07ca2f284406adc41109b1975fb8668492ee2e7976545dcbda099e3326e7e2e274f3e19b0bd748a069819ec6dde8ec64c9b44b4a641c37ebc961aef053872179341363e6ab38da0844ee20da8afb5f0c385ecbcff9ff92cb7853a9a677e3c7bf05994b6d7550ff5ae9e8432275255fde51477f8e7a947a6c0d1b7ffcf9d3992e02e7d80be301d6aead777047d3249b8dfc49a9b4f06f2fdfee30568622aad731edffb3cdd77cdc1642688aa1758032cdf3c3fd0054cbe04ea2d52b73484205418442e478b67d9e089352c99a748bedad58e4fc41bf446de76c06cb5ff1766b4c54f0d7828b82f3830ec027025569a3922bbc5e2e0f9c