aafl.co.nz

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:24:d4:b7:cb:84:a8:91:59:2c:b0:e1:55:d0:1f:77:1f:4d was issued on by Let's Encrypt.

With 90 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=aafl.co.nz

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:24:d4:b7:cb:84:a8:91:59:2c:b0:e1:55:d0:1f:77:1f:4d
Serial Number (int): 273869773657705474853245650546579679420237
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 9d:be:c0:44:8d:14:de:64:35:b0:e7:5b:21:a6:cd:e4:eb:73:49:2c
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): d6:2d:44:25:d8:7e:f1:84:b0:5e:0e:6f:c9:4f:e7:39:48:8b:e0:27
Fingerprint (sha256): 66:af:76:f6:8c:85:d3:aa:69:d4:e8:93:3b:ca:42:7b:78:35:52:fc:5c:58:f3:a2:27:93:fb:29:db:ee:ee:73

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate aafl.co.nz

90

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aafl.co.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aafl.co.nz
abundantlife.school.nz
ahiparagamefishclub.co.nz
ararimu.school.nz
ashleyforestrallysprint.co.nz
aucklandrugby.co.nz
aucklandsquashjuniors.nz
aucklandtouch.co.nz
basketballtaranaki.co.nz
boptouch.co.nz
bowlshawkesbay.org.nz
bowlswaikanae.com
bsgevents.co.nz
bullernetball.co.nz
cometswimming.co.nz
csa.org.nz
eakfc.org
ecbsoftball.org.nz
feildinglawnmowerracing.org.nz
generatenetwork.org
greertonponyclub.com
hamiltoncanoepolo.org.nz
harbourhockey.org.nz
hbcommunityfitness.co.nz
hbcommunityfitness.org.nz
hblp.co.nz
hbsfc.co.nz
hockeysouthcanterbury.co.nz
hyc.org.nz
jcc.org.nz
juniorcricket.co.nz
jyf.co.nz
karakacricket.co.nz
karakatennis.co.nz
kensingtonfitness.co.nz
kiwikidz.co.nz
lucknow.school.nz
mandevillesports.co.nz
manurewaswimmingclub.co.nz
marketground.co.nz
marlborough-car-club.co.nz
marlboroughparktennis.co.nz
marlboroughvolleyball.org.nz
morningtonbowlingclub.co.nz
mtrbmx.co.nz
nelsonfarmersmarket.co.nz
nelsonfarmersmarket.org.nz
nelsonsoftball.org.nz
netballwairarapa.co.nz
northcoterugby.co.nz
northharboursoftball.co.nz
northharbourtag.co.nz
nskfc.org.nz
nzpowerlifting.co.nz
nztua.com
osssa.org.nz
otahuhuroversrugbyleague.co.nz
parafednorthland.co.nz
playbowls.co.nz
ponsonbybowls.nz
porritt.school.nz
prdf.co.nz
ratec.org.nz
rbpc.nz
riverroad.co.nz
schoolground.com
schoolsportaoraki.co.nz
shoreroversnetball.co.nz
southerntack.co.nz
sportotago.co.nz
sportsground.com
stewartalexander.co.nz
stjosephschb.school.nz
sunrisecottage.co.nz
tabletennis.org.nz
taradale.co.nz
tasportscycling.co.nz
temata.school.nz
terracechb.school.nz
torbaytennis.org.nz
touchnorthharbour.co.nz
touchpapamoa.co.nz
tutangiora.nz
twyford.school.nz
waiopehu.ac.nz
waiukuponyclub.co.nz
wellingtonrnr.org.nz
whangareitri.co.nz
wmcc.net.nz
woodendrugby.co.nz

Other certificates including the domain name aafl.co.nz

(limited to 100 certificates)
www.nelsoncarclub.co.nz
www.blenheimgolfclub.co.nz
sporty.co.nz
www.tabletennis.org.nz
sporty.co.nz
sporty.co.nz
northcanterburyrugby.co.nz
hastings-central.school.nz
ultrarunner.org.nz
www.oacnz.org
sporty.co.nz
aafl.co.nz
sporty.co.nz
northharbourtag.co.nz
trenthamrifleclub.co.nz
sporty.co.nz
sporty.co.nz
aucklandmarist.co.nz
www.wmsc.org.nz
uniss.co.nz
www.badmintonhb.co.nz
pioneerbasketballclub.co.nz
www.melrosetargetshooting.co.nz
www.mttauharagymnastics.co.nz
yes.stockx.co.nz
basketballtaranaki.co.nz
www.schoolground.com

Certificate

The complete raw certificate details for aafl.co.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIMizCCC3OgAwIBAgISAyTUt8uEqJFZLLDhVdAfdx9NMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAxMjkwNTM3NThaFw0y
MDA0MjgwNTM3NThaMBUxEzARBgNVBAMTCmFhZmwuY28ubnowggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCorr+daEW6zTHLre2UEA1piG5hk/Dt9pRI0V9c
yLwWkTfMwmf3mS2ncyAAJd4U09cxgCarr1L8OSbp4PS6AJke9VX8YbeSMFgqOJwB
BRW1MddO74ceK4qeE4jFYMM0NBRsm2iTXQNS7SDAj2P8EcjDAKqTal3eRPZQG7qT
rWeRd10JGdXpA/SI4NKmCUFuOXl+KGcvdKtB/FTovWO0Ooo1fo49JV9s7WlViaEc
MCfQxOvRHcyluuVQ/LUKMUoCzTb0cMhhTOgEGkyQMNw9WJ6dYjGq3ABq6hWpKgjj
gECiBmuL0Bo5+m0cM9jsGveTsW72jc8YYMop0kwXyt/DLNavAgMBAAGjggmeMIIJ
mjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ2+wESNFN5kNbDnWyGmzeTrc0ksMB8G
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAu
BggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAv
BggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
ggdSBgNVHREEggdJMIIHRYIKYWFmbC5jby5ueoIWYWJ1bmRhbnRsaWZlLnNjaG9v
bC5ueoIZYWhpcGFyYWdhbWVmaXNoY2x1Yi5jby5ueoIRYXJhcmltdS5zY2hvb2wu
bnqCHWFzaGxleWZvcmVzdHJhbGx5c3ByaW50LmNvLm56ghNhdWNrbGFuZHJ1Z2J5
LmNvLm56ghhhdWNrbGFuZHNxdWFzaGp1bmlvcnMubnqCE2F1Y2tsYW5kdG91Y2gu
Y28ubnqCGGJhc2tldGJhbGx0YXJhbmFraS5jby5ueoIOYm9wdG91Y2guY28ubnqC
FWJvd2xzaGF3a2VzYmF5Lm9yZy5ueoIRYm93bHN3YWlrYW5hZS5jb22CD2JzZ2V2
ZW50cy5jby5ueoITYnVsbGVybmV0YmFsbC5jby5ueoITY29tZXRzd2ltbWluZy5j
by5ueoIKY3NhLm9yZy5ueoIJZWFrZmMub3JnghJlY2Jzb2Z0YmFsbC5vcmcubnqC
HmZlaWxkaW5nbGF3bm1vd2VycmFjaW5nLm9yZy5ueoITZ2VuZXJhdGVuZXR3b3Jr
Lm9yZ4IUZ3JlZXJ0b25wb255Y2x1Yi5jb22CGGhhbWlsdG9uY2Fub2Vwb2xvLm9y
Zy5ueoIUaGFyYm91cmhvY2tleS5vcmcubnqCGGhiY29tbXVuaXR5Zml0bmVzcy5j
by5ueoIZaGJjb21tdW5pdHlmaXRuZXNzLm9yZy5ueoIKaGJscC5jby5ueoILaGJz
ZmMuY28ubnqCG2hvY2tleXNvdXRoY2FudGVyYnVyeS5jby5ueoIKaHljLm9yZy5u
eoIKamNjLm9yZy5ueoITanVuaW9yY3JpY2tldC5jby5ueoIJanlmLmNvLm56ghNr
YXJha2Fjcmlja2V0LmNvLm56ghJrYXJha2F0ZW5uaXMuY28ubnqCF2tlbnNpbmd0
b25maXRuZXNzLmNvLm56gg5raXdpa2lkei5jby5ueoIRbHVja25vdy5zY2hvb2wu
bnqCFm1hbmRldmlsbGVzcG9ydHMuY28ubnqCGm1hbnVyZXdhc3dpbW1pbmdjbHVi
LmNvLm56ghJtYXJrZXRncm91bmQuY28ubnqCGm1hcmxib3JvdWdoLWNhci1jbHVi
LmNvLm56ghttYXJsYm9yb3VnaHBhcmt0ZW5uaXMuY28ubnqCHG1hcmxib3JvdWdo
dm9sbGV5YmFsbC5vcmcubnqCG21vcm5pbmd0b25ib3dsaW5nY2x1Yi5jby5ueoIM
bXRyYm14LmNvLm56ghluZWxzb25mYXJtZXJzbWFya2V0LmNvLm56ghpuZWxzb25m
YXJtZXJzbWFya2V0Lm9yZy5ueoIVbmVsc29uc29mdGJhbGwub3JnLm56ghZuZXRi
YWxsd2FpcmFyYXBhLmNvLm56ghRub3J0aGNvdGVydWdieS5jby5ueoIabm9ydGho
YXJib3Vyc29mdGJhbGwuY28ubnqCFW5vcnRoaGFyYm91cnRhZy5jby5ueoIMbnNr
ZmMub3JnLm56ghRuenBvd2VybGlmdGluZy5jby5ueoIJbnp0dWEuY29tggxvc3Nz
YS5vcmcubnqCHm90YWh1aHVyb3ZlcnNydWdieWxlYWd1ZS5jby5ueoIWcGFyYWZl
ZG5vcnRobGFuZC5jby5ueoIPcGxheWJvd2xzLmNvLm56ghBwb25zb25ieWJvd2xz
Lm56ghFwb3JyaXR0LnNjaG9vbC5ueoIKcHJkZi5jby5ueoIMcmF0ZWMub3JnLm56
ggdyYnBjLm56gg9yaXZlcnJvYWQuY28ubnqCEHNjaG9vbGdyb3VuZC5jb22CF3Nj
aG9vbHNwb3J0YW9yYWtpLmNvLm56ghhzaG9yZXJvdmVyc25ldGJhbGwuY28ubnqC
EnNvdXRoZXJudGFjay5jby5ueoIQc3BvcnRvdGFnby5jby5ueoIQc3BvcnRzZ3Jv
dW5kLmNvbYIWc3Rld2FydGFsZXhhbmRlci5jby5ueoIWc3Rqb3NlcGhzY2hiLnNj
aG9vbC5ueoIUc3VucmlzZWNvdHRhZ2UuY28ubnqCEnRhYmxldGVubmlzLm9yZy5u
eoIOdGFyYWRhbGUuY28ubnqCFXRhc3BvcnRzY3ljbGluZy5jby5ueoIQdGVtYXRh
LnNjaG9vbC5ueoIUdGVycmFjZWNoYi5zY2hvb2wubnqCE3RvcmJheXRlbm5pcy5v
cmcubnqCF3RvdWNobm9ydGhoYXJib3VyLmNvLm56ghJ0b3VjaHBhcGFtb2EuY28u
bnqCDXR1dGFuZ2lvcmEubnqCEXR3eWZvcmQuc2Nob29sLm56gg53YWlvcGVodS5h
Yy5ueoIUd2FpdWt1cG9ueWNsdWIuY28ubnqCFHdlbGxpbmd0b25ybnIub3JnLm56
ghJ3aGFuZ2FyZWl0cmkuY28ubnqCC3dtY2MubmV0Lm56ghJ3b29kZW5kcnVnYnku
Y28ubnowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggr
BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5
AgQCBIH1BIHyAPAAdgDwlaRZ8gDRgkAQLS+TiI6tS/4dR+OZ4dA0prCoqo6ycwAA
AW/wBVMmAAAEAwBHMEUCIQDJx48rIintNlfxUEwuNzg+CGQwvrkfk5EnluzoF/Zc
CQIgGh2nrkt3r/RM5oDH2xVIJGRo0y+ccN2N3oAzmQhk0+sAdgAHt1wb5X1o//Gw
xh0jFce65ld8V5S3au68YToaadOiHAAAAW/wBVN5AAAEAwBHMEUCIDhdx71JuXnW
zmGFil98ZkxnYYBe/eBGDX0rvEcjcZ6sAiEAr+7J7++FHIK2KIGgmAtoL9BEQA/b
TxB9XoT668rI5yswDQYJKoZIhvcNAQELBQADggEBAElze5HG3k4ggnvQVEzWjYcf
AkrJ4IxouO1SDaX6HioNICC310Jk3noFH+Zq2QueeohEWk6DhsDmfsFe3yICbGDd
Bz/MpxQwZ4SHJaSxYEtHHryM327d2Lqk1RCHxwgunJIqkMTkzEK/81qpTGzAMlOd
hmKam+OzSaXJ2Cy/qr3/oWDpB7SRAcJfUFUYw0DSI7pePtTeH3OJTkRwyEaXf/HE
m/NY1Jt7mhFHAymbrME/ZiA7sK5G8jiEQ+m5hadbA81IPZw7eKOoEwDtIvD31Tkx
SfZtHwBktF2TNR+x9/GtR9GS65jCacRTTcIyzJb9h5KgzPTPHQAA02RpZZ0sTEo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqK6/nWhFus0xy63tlBAN
aYhuYZPw7faUSNFfXMi8FpE3zMJn95ktp3MgACXeFNPXMYAmq69S/Dkm6eD0ugCZ
HvVV/GG3kjBYKjicAQUVtTHXTu+HHiuKnhOIxWDDNDQUbJtok10DUu0gwI9j/BHI
wwCqk2pd3kT2UBu6k61nkXddCRnV6QP0iODSpglBbjl5fihnL3SrQfxU6L1jtDqK
NX6OPSVfbO1pVYmhHDAn0MTr0R3MpbrlUPy1CjFKAs029HDIYUzoBBpMkDDcPVie
nWIxqtwAauoVqSoI44BAogZri9AaOfptHDPY7Br3k7Fu9o3PGGDKKdJMF8rfwyzW
rwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 273869773657705474853245650546579679420237
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-29 05:37:58 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-28 05:37:58 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aafl.co.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21294206929138792673649430344604426974064825355499285331404553813539733690010690205024853673729667998725601888343218728297817034270492759558996547293293577799220525734723701013545271369209253695908584707931776202465899694905888463071492472045613597356281263066914857317448936649002128050723101843728678387766344650916145104712244245043257516174735578579720318952041539843333250316330058493045892088111699821290527045207582823709171891309370014761836893633630522608722886973823202064111798442846438797279200101829090457485823219610617673290820438553997707393199021259843068964723616893467910079305026530703306337867439
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9dbec0448d14de6435b0e75b21a6cde4eb73492c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1865 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aafl.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abundantlife.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ahiparagamefishclub.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ararimu.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ashleyforestrallysprint.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aucklandrugby.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aucklandsquashjuniors.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aucklandtouch.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'basketballtaranaki.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'boptouch.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bowlshawkesbay.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bowlswaikanae.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bsgevents.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bullernetball.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cometswimming.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'csa.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eakfc.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ecbsoftball.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feildinglawnmowerracing.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'generatenetwork.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'greertonponyclub.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hamiltoncanoepolo.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'harbourhockey.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hbcommunityfitness.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hbcommunityfitness.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hblp.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hbsfc.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hockeysouthcanterbury.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hyc.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jcc.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'juniorcricket.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jyf.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'karakacricket.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'karakatennis.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kensingtonfitness.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kiwikidz.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lucknow.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mandevillesports.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manurewaswimmingclub.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marketground.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marlborough-car-club.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marlboroughparktennis.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marlboroughvolleyball.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'morningtonbowlingclub.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mtrbmx.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nelsonfarmersmarket.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nelsonfarmersmarket.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nelsonsoftball.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'netballwairarapa.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'northcoterugby.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'northharboursoftball.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'northharbourtag.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nskfc.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nzpowerlifting.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nztua.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'osssa.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'otahuhuroversrugbyleague.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'parafednorthland.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'playbowls.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ponsonbybowls.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'porritt.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prdf.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ratec.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rbpc.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'riverroad.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'schoolground.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'schoolsportaoraki.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shoreroversnetball.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'southerntack.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sportotago.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sportsground.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stewartalexander.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjosephschb.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sunrisecottage.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tabletennis.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'taradale.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tasportscycling.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'temata.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'terracechb.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'torbaytennis.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'touchnorthharbour.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'touchpapamoa.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tutangiora.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'twyford.school.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'waiopehu.ac.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'waiukuponyclub.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wellingtonrnr.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whangareitri.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmcc.net.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'woodendrugby.co.nz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb2730000016ff00553260000040300473045022100c9c78f2b2229ed3657f1504c2e37383e086430beb91f93912796ece817f65c0902201a1da7ae4b77aff44ce680c7db1548246468d32f9c70dd8dde8033990864d3eb00760007b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c0000016ff005537900000403004730450220385dc7bd49b979d6ce61858a5f7c664c6761805efde0460d7d2bbc4723719eac022100afeec9efef851c82b62881a0980b682fd044400fdb4f107d5e84faebcac8e72b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0049737b91c6de4e20827bd0544cd68d871f024ac9e08c68b8ed520da5fa1e2a0d2020b7d74264de7a051fe66ad90b9e7a88445a4e8386c0e67ec15edf22026c60dd073fcca7143067848725a4b1604b471ebc8cdf6eddd8baa4d51087c7082e9c922a90c4e4cc42bff35aa94c6cc032539d86629a9be3b349a5c9d82cbfaabdffa160e907b49101c25f505518c340d223ba5e3ed4de1f73894e4470c846977ff1c49bf358d49b7b9a114703299bacc13f66203bb0ae46f2388443e9b985a75b03cd483d9c3b78a3a81300ed22f0f7d5393149f66d1f0064b45d93351fb1f7f1ad47d192eb98c269c4534dc232cc96fd8792a0ccf4cf1d0000d36469659d2c4c4a