www.glow.cz

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:b3:5a:9f:b4:7f:f1:fb:8d:07:98:c0:ef:3a:7c:40:53:42 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.glow.cz

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:b3:5a:9f:b4:7f:f1:fb:8d:07:98:c0:ef:3a:7c:40:53:42
Serial Number (int): 322367861229920469656323755194256617132866
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 0c:ab:89:c8:c4:20:ec:e0:bf:73:0b:76:a0:17:26:da:b1:ee:74:b5
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): ec:30:30:77:6e:e6:28:cf:dc:47:fe:7e:24:be:28:6f:6a:70:b5:25
Fingerprint (sha256): 60:6e:90:03:41:e7:36:d8:57:3f:34:bd:a4:06:3c:0b:36:b4:6b:dc:b8:f9:aa:1d:4d:64:cb:1e:dd:7b:5d:eb

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org/

Check the revocation status for certificate www.glow.cz

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.glow.cz

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

glow.cz
www.glow.cz

Other certificates including the domain name glow.cz

(limited to 100 certificates)
hamu.prob-amu.glow.cz
*.glow.cz
ranec.glow.cz
majak.glow.cz
www.glow.cz
hamu.prob-amu.glow.cz
t.glow.cz
webmail.glow.cz
oko2.glow.cz
www.glow.cz
www.glow.cz
reader.glow.cz
hamu.prob-amu.glow.cz
w.glow.cz
famu.prob-amu.glow.cz
doosancms.online.rev-doosan.glow.cz
webmail.glow.cz
reader.glow.cz
www.glow.cz
altmail.glow.cz
2itwiki.glow.cz
git.glow.cz
adastracorp.com
git.glow.cz
mail.glow.cz
altmail.glow.cz
adastra-web-sk.prob-prod.glow.cz
amu.prob-amu.glow.cz
mail.glow.cz
ranec.glow.cz
ranec.glow.cz
webmail.glow.cz
reader.glow.cz
jabber.glow.cz
adastra-web-sk.prob-prod.glow.cz
webmail.glow.cz
webmail.glow.cz
www.glow.cz
mail.glow.cz
mail.glow.cz
ranec.glow.cz
www.glow.cz
altmail.glow.cz
sekac.glow.cz
altmail.glow.cz
www.glow.cz
www.glow.cz
t.glow.cz
www.glow.cz
adastra-web-sk.prob-prod.glow.cz
tmobile-spolecenska-odpovednost.prob-prod.glow.cz
sekac.glow.cz
webmail.glow.cz
hamu.prob-amu.glow.cz
www.glow.cz
ranec.glow.cz
amu.prob-amu.glow.cz
webmail.glow.cz
2itwiki.glow.cz
webmail.glow.cz
www.glow.cz
hamu.prob-amu.glow.cz
altmail.glow.cz
sekac.glow.cz
doosancms.online.rev-doosan.glow.cz
altmail.glow.cz
www.glow.cz
mail.glow.cz
hamu.prob-amu.glow.cz
www.glow.cz
*.glow.cz
obrik.glow.cz
majak.glow.cz
hamu.prob-amu.glow.cz
altmail.glow.cz
webmail.glow.cz
www.glow.cz
hamu.prob-amu.glow.cz
w.glow.cz
obrik.glow.cz
webmail.glow.cz
webmail.glow.cz
webmail.glow.cz
www.glow.cz
hamu.prob-amu.glow.cz
www.glow.cz
webmail.glow.cz
adastracorp.com
reader.glow.cz
sekac.glow.cz
mail.glow.cz
www.glow.cz
t.glow.cz
reader.glow.cz
www.glow.cz
majak.glow.cz
obrik.glow.cz
ranec.glow.cz
dev.glow.cz
adastra-web-sk.prob-prod.glow.cz

Certificate

The complete raw certificate details for www.glow.cz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGAzCCBOugAwIBAgISA7Nan7R/8fuNB5jA7zp8QFNCMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA5MjUwMjA1MDBaFw0x
NjEyMjQwMjA1MDBaMBYxFDASBgNVBAMTC3d3dy5nbG93LmN6MIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEA5cJsb7tbK1m1O8pictf3q9iaBswlWFYUfZlu
OO5WM83S3dtydw5MGtoRdX0tUHWSoKRRpghn7iH1RHV0q22dX29lLEjPOC69D2Zz
6aNZVsJUV5rj+oZayPvkrgLG0v8akWssV7Zz7bgIra84FKsZIMBvk0vXYNXybsRv
69jfdn74ly5La547nKpZTh3O9opXmY/+ezLe/2yDQRrnqY0C8vLzFm1d7o3VFoLT
P+10QgNTUT5jtkcrsF5t8hyxHjmgS4NyubIN8KTCzZ+mw9VzshSLaH1Ji8CSF7iE
B1voh07GkNXzC6Z1Mfa5qk2j0QOmuIi/moCa8d6d20gY9AQzEcN8zJIL5cJWEVqK
YBzo3wtfOIkGIsgLHBJmlzpsLLj+P8TdJ2TjD+g8VuFbx0kwZEPbDHDWqJQix4SA
upDXgP0M9JEFJzl9TKIkkauyL5v6zS8IcK+27ta3H2HunIH9HuU1nmAvKJBdQW7O
ZWwjoSzMIdO0BADT4sRRS624DBf/GVjbkViTuGVqzDzmDjYDE4c5o/YPdXTPACY/
OOCbkzR/Sx/1HR5Cf2K6JLE47ACMUDPxI4TDTatngpGeW5DvkTLak0m72kM2Ch66
7G43cWqfLOh5sBMU9EkY3GTHvFT8/D7fhkoGZjCt2/F4esh14Xk2eiq8CQu5Yune
PuDHyyUCAwEAAaOCAhUwggIRMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDKuJyMQg
7OC/cwt2oBcm2rHudLUwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw
cAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMu
bGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wHwYDVR0RBBgwFoIHZ2xvdy5jeoILd3d3Lmdsb3cu
Y3owgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYG
CCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUH
AgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9u
IGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGgg
dGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNy
eXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAHRI/XTEhceMV
hNLUHV8S888NWKItVyCLE1qL610qqSvylLZGEV+O3WCc7sKVZJ+3JWeX4SGksIWz
0JCQMG46d9a1DT9zHF0CYLmQ7Wsx87/GI5cpkCx1AiYJaBUgEqoj2lLopeGfyRcl
1pwyDtO3hIKahOPI4PbAyW7i29wvxEIjqzEX+U9Fcwrv3cZZNS6kvxgO5wg3NjCj
Y3DnxNnAAVwqhBhW8C6MP2ypWayc8PJ4B2k6RsR8RQ4h3IH35Fvb4ztr0IrzBH/p
1JSVJYDF/OvuGWq76fydjxdqWxqIjPD3ZXoBMRidTPRlof7VgXgm1vNEJ5jQsXXx
Pt5qfGpbdA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5cJsb7tbK1m1O8pictf3
q9iaBswlWFYUfZluOO5WM83S3dtydw5MGtoRdX0tUHWSoKRRpghn7iH1RHV0q22d
X29lLEjPOC69D2Zz6aNZVsJUV5rj+oZayPvkrgLG0v8akWssV7Zz7bgIra84FKsZ
IMBvk0vXYNXybsRv69jfdn74ly5La547nKpZTh3O9opXmY/+ezLe/2yDQRrnqY0C
8vLzFm1d7o3VFoLTP+10QgNTUT5jtkcrsF5t8hyxHjmgS4NyubIN8KTCzZ+mw9Vz
shSLaH1Ji8CSF7iEB1voh07GkNXzC6Z1Mfa5qk2j0QOmuIi/moCa8d6d20gY9AQz
EcN8zJIL5cJWEVqKYBzo3wtfOIkGIsgLHBJmlzpsLLj+P8TdJ2TjD+g8VuFbx0kw
ZEPbDHDWqJQix4SAupDXgP0M9JEFJzl9TKIkkauyL5v6zS8IcK+27ta3H2HunIH9
HuU1nmAvKJBdQW7OZWwjoSzMIdO0BADT4sRRS624DBf/GVjbkViTuGVqzDzmDjYD
E4c5o/YPdXTPACY/OOCbkzR/Sx/1HR5Cf2K6JLE47ACMUDPxI4TDTatngpGeW5Dv
kTLak0m72kM2Ch667G43cWqfLOh5sBMU9EkY3GTHvFT8/D7fhkoGZjCt2/F4esh1
4Xk2eiq8CQu5YunePuDHyyUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 322367861229920469656323755194256617132866
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-09-25 02:05:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-12-24 02:05:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.glow.cz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 937336847062520138222447300246425924112167856292901288271944884201445670098616459633890150311122539208539248139005043151831710432972633853883249422418732128326743739795671610718737906204875530065480638176085672983978900206089410835093180799457310078940890995465867512050710082175667440573571485211068044914574890418761378058859146227414540216276421620041273980384276848892009438105400754436157096883595642992068637458935227914973275966916508324368791233541347979027351391525620346718596483679498241602065184172650784978120094638305421109984846428477594024343796165824857272153081388059785455705843633690220103709662137317555063274033770588570402981190598924020341722528982465089397986848315726618664528060096108376842919640839095606965179157860113299333317445515348460238464623153216601255204956902410637528805875281614097005899100193673177252304276557625657147623991956910212322032134676243451376801303135512316482969872242458562975795225827709886666731334025184154886482039129326508995504192444422195660291004651996002836684212201452748385065173803343845852064917031487908681283237836047288439426477953268681780909838887816078036906606565139595537364071527838006997552325052126339252334840259221096252163927147984108949696319834917
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0cab89c8c420ece0bf730b76a01726dab1ee74b5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'glow.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.glow.cz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001d123f5d312171e31584d2d41d5f12f3cf0d58a22d57208b135a8beb5d2aa92bf294b646115f8edd609ceec295649fb7256797e121a4b085b3d09090306e3a77d6b50d3f731c5d0260b990ed6b31f3bfc6239729902c7502260968152012aa23da52e8a5e19fc91725d69c320ed3b784829a84e3c8e0f6c0c96ee2dbdc2fc44223ab3117f94f45730aefddc659352ea4bf180ee708373630a36370e7c4d9c0015c2a841856f02e8c3f6ca959ac9cf0f27807693a46c47c450e21dc81f7e45bdbe33b6bd08af3047fe9d494952580c5fcebee196abbe9fc9d8f176a5b1a888cf0f7657a0131189d4cf465a1fed5817826d6f3442798d0b175f13ede6a7c6a5b74