www.yves-rocher.com

Issued by R3

About this certificate

This digital certificate with serial number 04:c7:44:c0:cb:0f:81:e0:41:59:95:10:a0:de:c0:e7:b2:6d was issued on by Let's Encrypt.

With 40 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.yves-rocher.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:c7:44:c0:cb:0f:81:e0:41:59:95:10:a0:de:c0:e7:b2:6d
Serial Number (int): 416256723287575720435229212811519544767085
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 66:f1:92:e9:ab:d5:fa:c7:bb:88:87:82:ef:50:9b:ab:e6:2e:52:16
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 1a:d9:fa:79:45:34:46:2d:6c:18:cf:06:da:8c:4c:12:e4:fd:79:90
Fingerprint (sha256): 5d:a3:f8:f4:73:3c:09:7a:17:da:ee:66:61:5a:69:f5:80:0a:36:6b:81:d1:95:bd:ac:1a:99:e1:8b:b0:17:48

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate www.yves-rocher.com

40

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.yves-rocher.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

api.groupe-rocher.com
bi.yvesrocher.com.mx
deal.yrg.se
descubre.yves-rocher.com.mx
eimv3-statics.yves-rocher.com
eimv3.yves-rocher.com
flow.yves-rocher.com
gestorcomercial.yvesrocher.com.mx
media.aod-care.com
pcv-lcda.groupe-rocher.com
pim.yves-rocher.com
s.yrg.se
samy-it.yves-rocher.com
samy-yrbe.yves-rocher.com
samy-yrca.yves-rocher.com
samy-yrce.yves-rocher.com
samy-yres.yves-rocher.com
samy-yrfr.yves-rocher.com
samy-yrit.yves-rocher.com
services.ricaud.com
services.yves-rocher.com
stanhome-lcda.groupe-rocher.com
storelocator.yves-rocher.com
studio-rennes.groupe-rocher.com
tilkal-prd.petit-bateau.com
vpci.ricaud.com
vpci.yves-rocher.com
www-rksp.yves-rocher.com.mx
www.cosmetovigilance.groupe-rocher.com
www.extracteur-donnees-mag-yr.com
www.fondation-danieljouvance.org
www.reconnect-to-nature.com
www.stanfacil.es
www.stanhome.com
www.stanhomeperte.it
www.yves-rocher.co.th
www.yves-rocher.com
www.yves-rocher.com.mx
www.yvesrocher.com.mx
www.yvesrocher.jo

Other certificates including the domain name yves-rocher.com

(limited to 100 certificates)
services.yves-rocher.com
medianet.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
abspace-re7.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
incapsula.com
www.yves-rocher.fr
www.yves-rocher.com
eimv3-statics.yves-rocher.com
www.yves-rocher.com
birdplan.yves-rocher.com
san-16-s50.tlsprovisioning.exacttarget.com
admin-rec.easy-ext.yves-rocher.com
sec.yr-fr-rec1.easy-ext.yves-rocher.com
*.yves-rocher.com
www.yves-rocher.fr
www.yves-rocher.com
dyrectperso.yves-rocher.com
san-16-s50.tlsprovisioning.exacttarget.com
imperva.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
pim.yves-rocher.com
secure-vpci.yves-rocher.com
secure-vpci.yves-rocher.com
incapsula.com
dyrectperso.yves-rocher.com
incapsula.com
specif-ac.yves-rocher.com
www-npe.yves-rocher.com
incapsula.com
incapsula.com
incapsula.com
dyrectperso.yves-rocher.com
san-16-s50.tlsprovisioning.exacttarget.com
www-npe.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
sec.yr-fr-rec1.easy-ext.yves-rocher.com
secure-vpci.yves-rocher.com
myreport.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
www.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
incapsula.com
san-11-s50.tlsprovisioning.exacttarget.com
services.yves-rocher.com
imperva.com
san-16-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
*.statics-easy-ext.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-16-s50.tlsprovisioning.exacttarget.com
*.yves-rocher.com
dyrectperso.yves-rocher.com
pim.yves-rocher.com
dyrectperso.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com
medianet.yves-rocher.com
admin-rec.easy-ext.yves-rocher.com
*.yves-rocher.com
ftp-pao.yves-rocher.com
*.yves-rocher.com
services.yves-rocher.com
incapsula.com
samy.yves-rocher.com
newsroom.yves-rocher.com
www.yves-rocher.fr
dyrectperso.yves-rocher.com
services.yves-rocher.com
specif-ac.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
www.yves-rocher.com
dyrectperso.yves-rocher.com
newsroom.yves-rocher.com
www-npe.yves-rocher.com
dkb.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
pim.yves-rocher.com
specif-ac.yves-rocher.com
*.yves-rocher.com
flow.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
*.yves-rocher.com
portailmag-rec.yves-rocher.com
*.dev-spark-ext.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
services.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
specif-ac.yves-rocher.com
san-11-s50.tlsprovisioning.exacttarget.com
san-11-s50.tlsprovisioning.exacttarget.com

Certificate

The complete raw certificate details for www.yves-rocher.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII1zCCB7+gAwIBAgISBMdEwMsPgeBBWZUQoN7A57JtMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMDUwNzM0MDNaFw0yNDAzMDQwNzM0MDJaMB4xHDAaBgNVBAMT
E3d3dy55dmVzLXJvY2hlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDZfxGkd9HKk2WPeh/IzLXx6NKAWoNOUPE+TGxPgImNsWDQYYONhNnuUdMP
DJa6Be12SiYiKcgk15vxXHtE2q1/srGDZwlV7grlhRZoEY+ZVovHkCUMDs2kGfbl
eO5EqHmrOKfE4zIG+gqV9EskPIKRyZLaal2zv0fNczBCrywKemNddgqKinnmMj8u
brGQyaaio7rlA6l26kOvn8TvpsvL79GXjw2QUJDA49fytd04dmERFg4aydNIApuC
bmckXDodBy8WwYXDhi0NrZnJ1ixlna5RaEskgsp3v+suoLobFDjaFBRhXOCppBSq
04fLpnQMCuMS9XKE0EotHMav/I+5AgMBAAGjggX5MIIF9TAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFGbxkumr1frHu4iHgu9Qm6vmLlIWMB8GA1UdIwQYMBaAFBQusxe3
WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
ci5vcmcvMIID/wYDVR0RBIID9jCCA/KCFWFwaS5ncm91cGUtcm9jaGVyLmNvbYIU
YmkueXZlc3JvY2hlci5jb20ubXiCC2RlYWwueXJnLnNlghtkZXNjdWJyZS55dmVz
LXJvY2hlci5jb20ubXiCHWVpbXYzLXN0YXRpY3MueXZlcy1yb2NoZXIuY29tghVl
aW12My55dmVzLXJvY2hlci5jb22CFGZsb3cueXZlcy1yb2NoZXIuY29tgiFnZXN0
b3Jjb21lcmNpYWwueXZlc3JvY2hlci5jb20ubXiCEm1lZGlhLmFvZC1jYXJlLmNv
bYIacGN2LWxjZGEuZ3JvdXBlLXJvY2hlci5jb22CE3BpbS55dmVzLXJvY2hlci5j
b22CCHMueXJnLnNlghdzYW15LWl0Lnl2ZXMtcm9jaGVyLmNvbYIZc2FteS15cmJl
Lnl2ZXMtcm9jaGVyLmNvbYIZc2FteS15cmNhLnl2ZXMtcm9jaGVyLmNvbYIZc2Ft
eS15cmNlLnl2ZXMtcm9jaGVyLmNvbYIZc2FteS15cmVzLnl2ZXMtcm9jaGVyLmNv
bYIZc2FteS15cmZyLnl2ZXMtcm9jaGVyLmNvbYIZc2FteS15cml0Lnl2ZXMtcm9j
aGVyLmNvbYITc2VydmljZXMucmljYXVkLmNvbYIYc2VydmljZXMueXZlcy1yb2No
ZXIuY29tgh9zdGFuaG9tZS1sY2RhLmdyb3VwZS1yb2NoZXIuY29tghxzdG9yZWxv
Y2F0b3IueXZlcy1yb2NoZXIuY29tgh9zdHVkaW8tcmVubmVzLmdyb3VwZS1yb2No
ZXIuY29tght0aWxrYWwtcHJkLnBldGl0LWJhdGVhdS5jb22CD3ZwY2kucmljYXVk
LmNvbYIUdnBjaS55dmVzLXJvY2hlci5jb22CG3d3dy1ya3NwLnl2ZXMtcm9jaGVy
LmNvbS5teIImd3d3LmNvc21ldG92aWdpbGFuY2UuZ3JvdXBlLXJvY2hlci5jb22C
IXd3dy5leHRyYWN0ZXVyLWRvbm5lZXMtbWFnLXlyLmNvbYIgd3d3LmZvbmRhdGlv
bi1kYW5pZWxqb3V2YW5jZS5vcmeCG3d3dy5yZWNvbm5lY3QtdG8tbmF0dXJlLmNv
bYIQd3d3LnN0YW5mYWNpbC5lc4IQd3d3LnN0YW5ob21lLmNvbYIUd3d3LnN0YW5o
b21lcGVydGUuaXSCFXd3dy55dmVzLXJvY2hlci5jby50aIITd3d3Lnl2ZXMtcm9j
aGVyLmNvbYIWd3d3Lnl2ZXMtcm9jaGVyLmNvbS5teIIVd3d3Lnl2ZXNyb2NoZXIu
Y29tLm14ghF3d3cueXZlc3JvY2hlci5qbzATBgNVHSAEDDAKMAgGBmeBDAECATCC
AQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AKLiv9Ye3i8vB6DWTm03p9xlQ7DGtS6i
2reK+Jpt9RfYAAABjDkc44AAAAQDAEcwRQIgSwoV7emp4g+JOYU4b68NZDKGOD6R
hKIjjfsFyvzlcrkCIQC0ao0BMht5zfI0uAZZOykc4CK6LRwfGY+dI87UAi3cBAB3
AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjDkc49YAAAQDAEgw
RgIhANBkMTvwQNSywMLBepzh0l4mmwepxKIvzalCup9lErlUAiEA1dAiOw5DNlC7
UowhG3dSoquW25jCOb3g2SzJSXekoQkwDQYJKoZIhvcNAQELBQADggEBAH5SmSxH
tDU0XvGfM3up3uqaYgflo8RQpNFno/bFZZTuYFKmMm3XMmtz79gghyJfwvB75pQQ
S1p1pDNNAbObbXBHzgpo9G2W+UUt1RAfGrXo6DEhyW/+aPltZi5HjTCKw3l/DKlT
9CXicmB1kouGIC7esi9whWJzQFDsmreljHXIX1YM/qAA7Ed0uafvNEKy02zthdyW
cHxQJFtGwIJE6EWLCjvl2gfm96KpbCtYKvOeKTOTsOf1StSWaZmKBhMFfh1tHTWh
XbiuPwcwO6Chn4xts3BIJ0WwE9HRo5PCRyFN5MkhW37bfCOJxcnW7LxJT4bQBTt4
ERjH9Z/jMKALgCs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2X8RpHfRypNlj3ofyMy1
8ejSgFqDTlDxPkxsT4CJjbFg0GGDjYTZ7lHTDwyWugXtdkomIinIJNeb8Vx7RNqt
f7Kxg2cJVe4K5YUWaBGPmVaLx5AlDA7NpBn25XjuRKh5qzinxOMyBvoKlfRLJDyC
kcmS2mpds79HzXMwQq8sCnpjXXYKiop55jI/Lm6xkMmmoqO65QOpdupDr5/E76bL
y+/Rl48NkFCQwOPX8rXdOHZhERYOGsnTSAKbgm5nJFw6HQcvFsGFw4YtDa2ZydYs
ZZ2uUWhLJILKd7/rLqC6GxQ42hQUYVzgqaQUqtOHy6Z0DArjEvVyhNBKLRzGr/yP
uQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 416256723287575720435229212811519544767085
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 07:34:03 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-04 07:34:02 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.yves-rocher.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27456372195402918476300212817924783084111949342759330212152881145580216319201079659990329938243606574744773212063224524638283809419022191606498642664363614902751956088161466852742464578297430916077075996876364442855611050488436499995767573218925389802315941324051748928589313993106350730028176291814764989134616895200932709176549185723290871413774420087958870768780247682938221029161203489783927288237204445392778173698938363312556110151695563135434690484653438545499944184720283688337158556091916808502191976987311542678123887953511301098111745449855005138912805588150493137234823137525908154462950639283371081764793
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							66f192e9abd5fac7bb888782ef509babe62e5216
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1014 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.groupe-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bi.yvesrocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'deal.yrg.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'descubre.yves-rocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eimv3-statics.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eimv3.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flow.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gestorcomercial.yvesrocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.aod-care.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pcv-lcda.groupe-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pim.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 's.yrg.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-it.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yrbe.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yrca.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yrce.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yres.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yrfr.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'samy-yrit.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'services.ricaud.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'services.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stanhome-lcda.groupe-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storelocator.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'studio-rennes.groupe-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tilkal-prd.petit-bateau.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpci.ricaud.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpci.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-rksp.yves-rocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cosmetovigilance.groupe-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.extracteur-donnees-mag-yr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.fondation-danieljouvance.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.reconnect-to-nature.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stanfacil.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stanhome.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stanhomeperte.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yves-rocher.co.th'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yves-rocher.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yves-rocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yvesrocher.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yvesrocher.jo'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018c391ce380000004030047304502204b0a15ede9a9e20f893985386faf0d643286383e9184a2238dfb05cafce572b9022100b46a8d01321b79cdf234b806593b291ce022ba2d1c1f198f9d23ced4022ddc0400770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c391ce3d60000040300483046022100d064313bf040d4b2c0c2c17a9ce1d25e269b07a9c4a22fcda942ba9f6512b954022100d5d0223b0e433650bb528c211b7752a2ab96db98c239bde0d92cc94977a4a109
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007e52992c47b435345ef19f337ba9deea9a6207e5a3c450a4d167a3f6c56594ee6052a6326dd7326b73efd82087225fc2f07be694104b5a75a4334d01b39b6d7047ce0a68f46d96f9452dd5101f1ab5e8e83121c96ffe68f96d662e478d308ac3797f0ca953f425e2726075928b86202edeb22f708562734050ec9ab7a58c75c85f560cfea000ec4774b9a7ef3442b2d36ced85dc96707c50245b46c08244e8458b0a3be5da07e6f7a2a96c2b582af39e293393b0e7f54ad49669998a0613057e1d6d1d35a15db8ae3f07303ba0a19f8c6db370482745b013d1d1a393c247214de4c9215b7edb7c2389c5c9d6ecbc494f86d0053b781118c7f59fe330a00b802b