backoffice.geovina.com

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:5b:1d:71:4c:13:54:d0:db:33:17:bc:e0:fc:d4:6b:cf:6f was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=backoffice.geovina.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:5b:1d:71:4c:13:54:d0:db:33:17:bc:e0:fc:d4:6b:cf:6f
Serial Number (int): 292341689069503631308709223783178361884527
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 93:1f:66:68:73:e9:45:29:bc:08:c4:2c:e5:47:b2:38:c1:fd:c5:9c
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): ba:58:2c:64:56:21:9e:9a:87:5e:c1:73:60:d8:9a:8a:a5:c4:04:d3
Fingerprint (sha256): 64:76:0e:35:0f:a9:a8:d7:89:88:38:50:6c:d6:e6:6b:1c:66:e9:12:13:18:9e:a0:25:cd:49:28:54:01:93:90

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate backoffice.geovina.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for backoffice.geovina.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

backoffice.geovina.com

Other certificates including the domain name geovina.com

(limited to 100 certificates)

Certificate

The complete raw certificate details for backoffice.geovina.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgISA1sdcUwTVNDbMxe84PzUa89vMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA2MTcyMTI5MTBaFw0x
OTA5MTUyMTI5MTBaMCExHzAdBgNVBAMTFmJhY2tvZmZpY2UuZ2VvdmluYS5jb20w
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8DW4Suyllnh83mQBoWxal
pD/Hg1SoUQBH0hkx34a/k2esrJMu2UxnYGEU3OsbOg/L/Lpj82R63T82/6M9L+iB
U8G32GvdFJ+Hafg0863tgr6+pvgIFo/1jN5dNJ/7SKxFUmXhBoCGcuXpkdg/OfTy
6KYog8IegMqnwnJmZ0VB0XhSAQNK3UwzoAQCVh1t6pW17psBtnnuAVD4yN5I9NLm
9csgBt6uz4u36y/fksa8cnCqwzuXMm7V5+ROJNqAxg/p6ySqVXg6Z5qKLpGpslHu
TMQpRq9FGxgIpWu4SAuWDdLXyB8KsYYfIRks2+ro+rPah1THtylRkYKK/qNUSGYQ
LHaFKGjvOKDx3HDt/J/j+82J5tAr3f9CuEulhggLXCBMD3BJQa1a9HcbAIdIg2Oe
JjQPNDkRk1m37oQBwjXTCpuoMIYP5/q94urPoZPQzrTNKYFpRa8MLh0+5Gn9NQEW
7c3LjNDgsCT3QYblHnck5W3ifHpT91VQTlc+5TdewHIpPMMvpKYwkZqYmI48D/Rs
G9vBqMYuPooVVCOF/uxRZgEtkVobJM2ccAIcoPrUi5IDKEyyv4YT4CA47UKnFaE4
xiTJvDGbW7ZIh0UAb3P5FaFce3+LFNzeqlvm8PmRWXDJ2w4sWjH0p06dSWezBSCN
3lVKeCmcb2xvPBe7B26Z1wIDAQABo4ICbTCCAmkwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
DgQWBBSTH2Zoc+lFKbwIxCzlR7I4wf3FnDAfBgNVHSMEGDAWgBSoSmpjBH3duubR
ObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9v
Y3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9j
ZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCEGA1UdEQQaMBiCFmJhY2tvZmZp
Y2UuZ2VvdmluYS5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEG
BgorBgEEAdZ5AgQCBIH3BIH0APIAdwDiaUuuJujpQAnohhu2O4PUPuf+dIj7pI8o
kwGd3fHb/gAAAWtnjvXEAAAEAwBIMEYCIQDFesGUiDdt2tAeXjriiMWcKivIDiAq
EsRXyzKhvT3ZpgIhAK0MvZXNj8eMrqNnzg2I6HvDnm4LEKLj6edQIVFLdSW7AHcA
Y/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFrZ473XAAABAMASDBG
AiEA3pUCLZilKqqazujb1zuNjofFN6407PRiNNDWceg/RA8CIQDRuodAzxpE7b4I
noMgblMvxdGao65GM4WK2mfD3m2mYjANBgkqhkiG9w0BAQsFAAOCAQEADqfmVLo1
QGJLJ3hS2a6ltO2gFBPMSNK7lQAJ2+v2ON+PPfY2NJthRWenB022CcVATJdpbOrt
lq/pjq22TCR4sO08B3N/EXBrX0ztg3JFH9PMnvFoNkpXUEJfBvWNDeukhfoCIkpv
2mkuiy5CsZ/CDAxTDzdR1W3H3UMRWgcZ2ZXOcj2jVokfxfHMZVqPsObsoKFQqs2d
kwhhYxgpZ8s5Bd6DfRGM55xCY/oxy9oCs97cLnC2Y7KUlZSdsMJaulFWK5hQ5Xl+
frzxTlcffy4To9xtboft63XvPTuBKrVhKOnLiWZDzeUfZOaq+6be8bQ4I4bAWM45
XC++8ytqNUVt+g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvA1uErspZZ4fN5kAaFsW
paQ/x4NUqFEAR9IZMd+Gv5NnrKyTLtlMZ2BhFNzrGzoPy/y6Y/Nket0/Nv+jPS/o
gVPBt9hr3RSfh2n4NPOt7YK+vqb4CBaP9YzeXTSf+0isRVJl4QaAhnLl6ZHYPzn0
8uimKIPCHoDKp8JyZmdFQdF4UgEDSt1MM6AEAlYdbeqVte6bAbZ57gFQ+MjeSPTS
5vXLIAbers+Lt+sv35LGvHJwqsM7lzJu1efkTiTagMYP6eskqlV4Omeaii6RqbJR
7kzEKUavRRsYCKVruEgLlg3S18gfCrGGHyEZLNvq6Pqz2odUx7cpUZGCiv6jVEhm
ECx2hSho7zig8dxw7fyf4/vNiebQK93/QrhLpYYIC1wgTA9wSUGtWvR3GwCHSINj
niY0DzQ5EZNZt+6EAcI10wqbqDCGD+f6veLqz6GT0M60zSmBaUWvDC4dPuRp/TUB
Fu3Ny4zQ4LAk90GG5R53JOVt4nx6U/dVUE5XPuU3XsByKTzDL6SmMJGamJiOPA/0
bBvbwajGLj6KFVQjhf7sUWYBLZFaGyTNnHACHKD61IuSAyhMsr+GE+AgOO1CpxWh
OMYkybwxm1u2SIdFAG9z+RWhXHt/ixTc3qpb5vD5kVlwydsOLFox9KdOnUlnswUg
jd5VSngpnG9sbzwXuwdumdcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 292341689069503631308709223783178361884527
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-17 21:29:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-15 21:29:10 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'backoffice.geovina.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 767187106314986068400920067450487334039359739603820449892629019039638988959501264731067277731744574487065763138522797007773645293214463013201245670139518032482260137586313253089523687315913030152200475491955629819637967998283247141359298097070121166091146083709179127596698963511778317158164954377079742819185158400788124718204682816978154753354819892532967205243093117404025390500783469638159669905642429748589390377584204106211957207448966220448805483220690742551191270567882964164976147586300112651179564551119914292578462078566108311352115287569395012360431344841261274759635544376931724168586800577074570575056879398292576072085488208048920617356797786091156196827942612525192838189028194438928225377933761196843343838694284483083742326199101692332698600487765258775125105372186193711013587569822328642347373521078603428792928247617530231883754076350308315014775266134875340517611128688033049877208212101737156841871902076596641628875043746910774659692390229884404782355972107530484177250372192712879298828825622966548089353286587462447830326453667061042551501054388139744518859190389549552621689568651095288464309302647442118257158675868037476876251036947336099283029049547393770210729629047020354211528348958995421962387233239
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							931f666873e94529bc08c42ce547b238c1fdc59c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'backoffice.geovina.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe0000016b678ef5c40000040300483046022100c57ac19488376ddad01e5e3ae288c59c2a2bc80e202a12c457cb32a1bd3dd9a6022100ad0cbd95cd8fc78caea367ce0d88e87bc39e6e0b10a2e3e9e75021514b7525bb00770063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d0000016b678ef75c0000040300483046022100de95022d98a52aaa9acee8dbd73b8d8e87c537ae34ecf46234d0d671e83f440f022100d1ba8740cf1a44edbe089e83206e532fc5d19aa3ae4633858ada67c3de6da662
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000ea7e654ba3540624b277852d9aea5b4eda01413cc48d2bb950009dbebf638df8f3df636349b614567a7074db609c5404c97696ceaed96afe98eadb64c2478b0ed3c07737f11706b5f4ced8372451fd3cc9ef168364a5750425f06f58d0deba485fa02224a6fda692e8b2e42b19fc20c0c530f3751d56dc7dd43115a0719d995ce723da356891fc5f1cc655a8fb0e6eca0a150aacd9d93086163182967cb3905de837d118ce79c4263fa31cbda02b3dedc2e70b663b29495949db0c25aba51562b9850e5797e7ebcf14e571f7f2e13a3dc6d6e87edeb75ef3d3b812ab56128e9cb896643cde51f64e6aafba6def1b4382386c058ce395c2fbef32b6a35456dfa