nycstream.com

Issued by R3

About this certificate

This digital certificate with serial number 03:f9:67:d5:ae:8d:de:f0:fb:c9:41:28:98:af:ec:19:17:78 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=nycstream.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:f9:67:d5:ae:8d:de:f0:fb:c9:41:28:98:af:ec:19:17:78
Serial Number (int): 346205187141770570548751394294394972084088
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: b6:5a:50:f3:30:2e:1e:fb:b7:f9:cb:57:3f:6d:b5:9f:e6:e2:e2:f3
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 19:a7:cf:11:4e:63:99:24:09:18:d3:cd:44:80:6a:bd:8c:1a:48:be
Fingerprint (sha256): 5c:95:5c:f4:5f:5c:33:74:3e:bf:6b:91:e8:a3:56:9e:c6:77:4e:54:60:56:6a:f0:e3:20:5b:39:a9:e5:15:84

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate nycstream.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nycstream.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nycstream.com
www.nycstream.com

Other certificates including the domain name nycstream.com

(limited to 100 certificates)
nycstream.com
toddlermats.com
rulenumber5.com
www.nycstream.com
nycstream.com
www.hotsaucebuzz.com
www.writerswisdom.com
newmexicojournal.com
nycstream.com
www.namesstar.com
nycstream.com

Certificate

The complete raw certificate details for nycstream.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISA/ln1a6N3vD7yUEomK/sGRd4MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEwMjMxMTA2MzlaFw0yNDAxMjExMTA2MzhaMBgxFjAUBgNVBAMT
DW55Y3N0cmVhbS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCJ
d+Jk+uFBIhlX/czxGfeRctXWuiq9w5OSjkK2ifjIaz/xqwBjbteqd6bgTqPZwfgK
sTnECt7qhnNAok+MgU7JYx9bmOy4XYQwbey86MjHPXjWcNFCD7mNt5J8yQZOFf5i
JhPMbbgcfeAQO9hgbwzwrc/i12vjGMbjqh+I305CBe3dN+n3a/I1gmbqqgopQmhX
eyCqQwd3Y9DoM/OVX8AlICdSf6NUIyQnwZ/+98jIhu8zdCGCgZFUCPgmTbbuG2xq
Yo2NS39eV5O3TFlmdmOvowBx3WV/V9+rDxh5SM/kZ6Flszp0ZRnZyKyPWbDG73EY
0dIlfB3u4XI05W80brZlG5TcnOnfDNPFRzxn8Fs+JWnjMtpwdP4/GOrY/YsAz2ce
pqqABCwZGiI518dRLVZh5ZA7VX5AjyOrDyWX1MG2UT3JLHYvKA4iiPrrP94ZsDhT
HdTFHdhVtq3yYc6eLZ96VcynzmG+U/bbAv0daU441uJbY7AuwwATk7cZP/6mbkfg
M5iXyKVBSAg7nEL3mBLl7VKwI/30y8aUhWLpnPYJzKqe03S/JcR4QxN/u3Mv2vlX
HtLWTkAHRNNVfJibm8Vwi+0nLakAPikjf1kE3Xta0hrkUvNWjVJvm4m3T6si0cng
hGaBE2KxxoCmbBzfNlUhfaOTJc/L51OKujGCiNIzjQIDAQABo4ICJDCCAiAwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBS2WlDzMC4e+7f5y1c/bbWf5uLi8zAfBgNVHSME
GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
L3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1ueWNzdHJlYW0uY29tghF3d3cu
bnljc3RyZWFtLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkC
BAIEgfcEgfQA8gB3ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAAB
i1xuE+8AAAQDAEgwRgIhAKhFj1bz3ARbnsDuuo3degU3Q/ZvRdEwn3anGgfYODUI
AiEA3rx7YrlRkuNFeq93FAbbP54LUiLcdK5vzEMJe9jMHysAdwB2/4g/Crb7lVHC
Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYtcbhTLAAAEAwBIMEYCIQCVekckciuK
Z5SAZRAbSCVpgOT1VHTiEa3ZcQmgLiwh8gIhAP3rIsEsTx8HRqS7Qc8IwXP3Ac3z
sLMt+a/JTtHpDV8dMA0GCSqGSIb3DQEBCwUAA4IBAQAu5gvg3b+LzGGol5BbY933
o2Xu7bUl6WqppaYiVzWntEA0FiSk/55ojgKvcF1iB6zEYm/yNmGEai5f8Fpzu1yd
0ET4P5bRQMcPSoSVCIp5FJ58fbwjPRsWOj3AKLa58kzuAy7tmp2Thn4uNopOz9aL
r41EE3/Rr1MqAADQQPuIIZ7M80Y+I7lRQypeWGwv94FtLHiqcOu1fAZ/0LvvRz86
2f8oKcndgojFvvJVZo7qpgBVC2djBqrFcmGZ1ENyxEuwvxVymbBa1GjXMejaw3qZ
r5pdKkBI2BUzLK7J86KGuaR/9WtIyhtUqrWCiyvmbLqbb11ab/jR1Lr31/SyqAXs
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAiXfiZPrhQSIZV/3M8Rn3
kXLV1roqvcOTko5Cton4yGs/8asAY27Xqnem4E6j2cH4CrE5xAre6oZzQKJPjIFO
yWMfW5jsuF2EMG3svOjIxz141nDRQg+5jbeSfMkGThX+YiYTzG24HH3gEDvYYG8M
8K3P4tdr4xjG46ofiN9OQgXt3Tfp92vyNYJm6qoKKUJoV3sgqkMHd2PQ6DPzlV/A
JSAnUn+jVCMkJ8Gf/vfIyIbvM3QhgoGRVAj4Jk227htsamKNjUt/XleTt0xZZnZj
r6MAcd1lf1ffqw8YeUjP5GehZbM6dGUZ2cisj1mwxu9xGNHSJXwd7uFyNOVvNG62
ZRuU3Jzp3wzTxUc8Z/BbPiVp4zLacHT+Pxjq2P2LAM9nHqaqgAQsGRoiOdfHUS1W
YeWQO1V+QI8jqw8ll9TBtlE9ySx2LygOIoj66z/eGbA4Ux3UxR3YVbat8mHOni2f
elXMp85hvlP22wL9HWlOONbiW2OwLsMAE5O3GT/+pm5H4DOYl8ilQUgIO5xC95gS
5e1SsCP99MvGlIVi6Zz2CcyqntN0vyXEeEMTf7tzL9r5Vx7S1k5AB0TTVXyYm5vF
cIvtJy2pAD4pI39ZBN17WtIa5FLzVo1Sb5uJt0+rItHJ4IRmgRNiscaApmwc3zZV
IX2jkyXPy+dTiroxgojSM40CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 346205187141770570548751394294394972084088
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-23 11:06:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-21 11:06:38 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nycstream.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 560821727517669185048735787653585990686840956582501099444627324351771251959641563806391572278051781470542574152101700265981441343023834710236804818290946410531182694890853233134374424116830057613662541046696174571105068063469559114250681086352270287039057098234260772264481564794395077079332029307664955791073281018844407213991113004659791156966038425971585688199811913624866332515064807978349832609573120075978191441805101128984636871666126415477115399621357875658323406676271139828904192124291719543322243748021067331283720155581138746418096565180630754408327483122107341463464455618200627772195579669758868079567043250617999065769053221825639925683455677012490812505352560588772606613337718597877107255903120274915895279852903009574808693727025183312685797314932904246456074569661904851183165404422148970309637322804460693642665674900830584873675484894584035857671770688830930829239437384319564278163517033015143282297384124115661507498693397859824705460045402283077944279148861714182629020660775912750289305397798849694101042159271153488169501332242308560722740006416343476811709004035979757188661201897197916309220935891169207527860643393148296083084227720956806070085170343055078618472789383965150277493333493520484877361886093
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b65a50f3302e1efbb7f9cb573f6db59fe6e2e2f3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nycstream.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nycstream.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f20077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018b5c6e13ef0000040300483046022100a8458f56f3dc045b9ec0eeba8ddd7a053743f66f45d1309f76a71a07d8383508022100debc7b62b95192e3457aaf771406db3f9e0b5222dc74ae6fcc43097bd8cc1f2b00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b5c6e14cb0000040300483046022100957a4724722b8a67948065101b48256980e4f55474e211add97109a02e2c21f2022100fdeb22c12c4f1f0746a4bb41cf08c173f701cdf3b0b32df9afc94ed1e90d5f1d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002ee60be0ddbf8bcc61a897905b63ddf7a365eeedb525e96aa9a5a6225735a7b440341624a4ff9e688e02af705d6207acc4626ff23661846a2e5ff05a73bb5c9dd044f83f96d140c70f4a8495088a79149e7c7dbc233d1b163a3dc028b6b9f24cee032eed9a9d93867e2e368a4ecfd68baf8d44137fd1af532a0000d040fb88219eccf3463e23b951432a5e586c2ff7816d2c78aa70ebb57c067fd0bbef473f3ad9ff2829c9dd8288c5bef255668eeaa600550b676306aac5726199d44372c44bb0bf157299b05ad468d731e8dac37a99af9a5d2a4048d815332caec9f3a286b9a47ff56b48ca1b54aab5828b2be66cba9b6f5d5a6ff8d1d4baf7d7f4b2a805ec