www.shelf.nz

Issued by R3

About this certificate

This digital certificate with serial number 03:f4:18:6d:b7:0a:02:b5:66:04:c1:35:7d:0c:7b:e3:99:fe was issued on by Let's Encrypt.

With 30 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.shelf.nz

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:f4:18:6d:b7:0a:02:b5:66:04:c1:35:7d:0c:7b:e3:99:fe
Serial Number (int): 344398226468720220662856718211110846831102
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 29:a2:81:45:75:a6:3b:1b:d3:0d:85:25:ec:46:03:c9:ed:92:dd:71
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 52:a5:cb:22:0c:6d:a5:72:78:d2:73:7c:cb:88:d3:40:2c:03:62:c5
Fingerprint (sha256): 76:09:1c:0b:3c:e2:42:ac:4a:de:39:24:5e:74:a4:c2:c1:a6:ab:f0:12:ad:3a:15:42:8f:b3:77:44:a3:d6:7e

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate www.shelf.nz

30

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.shelf.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

asphaltrepairs.xyz
carlonicolas.xyz
gamblermagazine.biz
jamescannon.xyz
jordancherin.xyz
kidkronik.xyz
labgrow.net
metke.xyz
oakridgeseasonings.biz
operationwomen.co.nz
profound-strategy.biz
shelf.nz
stifler.xyz
subscriberconnect.com
web3brothers.xyz
www.asphaltrepairs.xyz
www.carlonicolas.xyz
www.gamblermagazine.biz
www.jamescannon.xyz
www.jordancherin.xyz
www.kidkronik.xyz
www.labgrow.net
www.metke.xyz
www.oakridgeseasonings.biz
www.operationwomen.co.nz
www.profound-strategy.biz
www.shelf.nz
www.stifler.xyz
www.subscriberconnect.com
www.web3brothers.xyz

Other certificates including the domain name shelf.nz

(limited to 100 certificates)
www.shelf.nz

Certificate

The complete raw certificate details for www.shelf.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHLTCCBhWgAwIBAgISA/QYbbcKArVmBME1fQx745n+MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA3MTYwMzI4NDdaFw0yMzEwMTQwMzI4NDZaMBcxFTATBgNVBAMT
DHd3dy5zaGVsZi5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeI
eFY3OvyTaPqE7K2y01vwBUdQK94mzlhcQIEl9w0US2RNvnHVfPqlpE1Emyrkinv3
HeX1sypag3maAfnaoKa9Dj71lTXJogxA/5PbKznz9uvaaMPIIDxOos5sJZk/+Yco
ziLH28wlN4TQmBniSEY6u8pXU8dbtpXtSOxMJQNyEg014P6XJ344vwA4Hu9gAgni
3LKpLJldL8bSWcEoGL18sbF+UcHtFauwfZgjBLCLgwsLMUquq/kXXKRSXGsG0TG8
//mJgJzcEAYh/uGbCt50fjrUYrmu1v3xjr1nyjtrvaIE3VB5RpJiuW2pVyU1kYn3
MUpdOFxB+KCvXLDAza8CAwEAAaOCBFYwggRSMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUKaKBRXWmOxvTDYUl7EYDye2S3XEwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA
5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu
by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w
ggJdBgNVHREEggJUMIICUIISYXNwaGFsdHJlcGFpcnMueHl6ghBjYXJsb25pY29s
YXMueHl6ghNnYW1ibGVybWFnYXppbmUuYml6gg9qYW1lc2Nhbm5vbi54eXqCEGpv
cmRhbmNoZXJpbi54eXqCDWtpZGtyb25pay54eXqCC2xhYmdyb3cubmV0ggltZXRr
ZS54eXqCFm9ha3JpZGdlc2Vhc29uaW5ncy5iaXqCFG9wZXJhdGlvbndvbWVuLmNv
Lm56ghVwcm9mb3VuZC1zdHJhdGVneS5iaXqCCHNoZWxmLm56ggtzdGlmbGVyLnh5
eoIVc3Vic2NyaWJlcmNvbm5lY3QuY29tghB3ZWIzYnJvdGhlcnMueHl6ghZ3d3cu
YXNwaGFsdHJlcGFpcnMueHl6ghR3d3cuY2FybG9uaWNvbGFzLnh5eoIXd3d3Lmdh
bWJsZXJtYWdhemluZS5iaXqCE3d3dy5qYW1lc2Nhbm5vbi54eXqCFHd3dy5qb3Jk
YW5jaGVyaW4ueHl6ghF3d3cua2lka3JvbmlrLnh5eoIPd3d3LmxhYmdyb3cubmV0
gg13d3cubWV0a2UueHl6ghp3d3cub2FrcmlkZ2VzZWFzb25pbmdzLmJpeoIYd3d3
Lm9wZXJhdGlvbndvbWVuLmNvLm56ghl3d3cucHJvZm91bmQtc3RyYXRlZ3kuYml6
ggx3d3cuc2hlbGYubnqCD3d3dy5zdGlmbGVyLnh5eoIZd3d3LnN1YnNjcmliZXJj
b25uZWN0LmNvbYIUd3d3LndlYjNicm90aGVycy54eXowEwYDVR0gBAwwCjAIBgZn
gQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB6MoxU2LcttiDqOOBSHumE
FnAyE4VNO9IrwTpXo1LrUgAAAYlc9U6DAAAEAwBHMEUCIDmMp3ntU9w9pK2QTeLH
0EsSYzLHtlL5pUz/95fcJnQvAiEA8y31X7TD1rRcWRn/HP+ZAhIi8h73nTXI8AKH
ruS7LvcAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYlc9U6q
AAAEAwBHMEUCIQD+PmDPvRexuz6hpOS37QvvvPvEXPkpw03SR7QXOodpCwIgeB8a
nPh5EekqPwCykVrE0g85oi3ZOabVl2Xk9TiiYoswDQYJKoZIhvcNAQELBQADggEB
AAgBWjktk6hT27+d6I59E32WLcugctu3pN/0Oeyz7GoJFD2P2Rb9hgcyWB7TPaLa
22NDDtQjnfZ/gbxLPjB/oDm2slCS325ZvOOQd8NTpBHA1CioVQq6gsGib4CsZn10
ux8ECimi3mJvOT7kPpeom58CDApRo8UFics69NWPo8ggcqVdhXaroQcWeP06d5BK
oYVu4O5RioIR6vF+ZxWGu4/rj3qFP6/9J2Li7U/yP+muD9GeBywf6PiqomPuqMzU
KRVZVFxnPP7a2fvkUzNOvOLMNItmA2GxGMWmI+jWnMcbunTAd8vFjWlT+BSi6z3t
nRGC/n0U6sKBxTzi1Qtp2W8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4h4Vjc6/JNo+oTsrbLT
W/AFR1Ar3ibOWFxAgSX3DRRLZE2+cdV8+qWkTUSbKuSKe/cd5fWzKlqDeZoB+dqg
pr0OPvWVNcmiDED/k9srOfP269pow8ggPE6izmwlmT/5hyjOIsfbzCU3hNCYGeJI
Rjq7yldTx1u2le1I7EwlA3ISDTXg/pcnfji/ADge72ACCeLcsqksmV0vxtJZwSgY
vXyxsX5Rwe0Vq7B9mCMEsIuDCwsxSq6r+RdcpFJcawbRMbz/+YmAnNwQBiH+4ZsK
3nR+OtRiua7W/fGOvWfKO2u9ogTdUHlGkmK5balXJTWRifcxSl04XEH4oK9csMDN
rwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 344398226468720220662856718211110846831102
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-16 03:28:47 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-14 03:28:46 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.shelf.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23168905706262819039956686981271105139038802108089333612083197088264292991629089448413384265741345457948042578866404779273895687990646071486989790181791474951334530847758752175053420792428312499830449815870964267846544239073370392553320861092784269639676336461366010306180237694799901953601278738251207106781315925664983748687202290296050281796871176387151869780776232924554643918015616779686461959530350738902769045787047600203277263136698625126554212755775243332927183653005333259227509139374605377315586584063526341823053354523253244419873997809634914509293178071903709181002403403744394116835553985117067690429871
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							29a2814575a63b1bd30d8525ec4603c9ed92dd71
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (596 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'asphaltrepairs.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'carlonicolas.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gamblermagazine.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jamescannon.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jordancherin.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kidkronik.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'labgrow.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'metke.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oakridgeseasonings.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'operationwomen.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'profound-strategy.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shelf.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stifler.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'subscriberconnect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'web3brothers.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.asphaltrepairs.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.carlonicolas.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gamblermagazine.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jamescannon.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jordancherin.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kidkronik.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.labgrow.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.metke.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.oakridgeseasonings.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.operationwomen.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.profound-strategy.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.shelf.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stifler.xyz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.subscriberconnect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.web3brothers.xyz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52000001895cf54e8300000403004730450220398ca779ed53dc3da4ad904de2c7d04b126332c7b652f9a54cfff797dc26742f022100f32df55fb4c3d6b45c5919ff1cff99021222f21ef79d35c8f00287aee4bb2ef7007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a000001895cf54eaa0000040300473045022100fe3e60cfbd17b1bb3ea1a4e4b7ed0befbcfbc45cf929c34dd247b4173a87690b0220781f1a9cf87911e92a3f00b2915ac4d20f39a22dd939a6d59765e4f538a2628b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0008015a392d93a853dbbf9de88e7d137d962dcba072dbb7a4dff439ecb3ec6a09143d8fd916fd860732581ed33da2dadb63430ed4239df67f81bc4b3e307fa039b6b25092df6e59bce39077c353a411c0d428a8550aba82c1a26f80ac667d74bb1f040a29a2de626f393ee43e97a89b9f020c0a51a3c50589cb3af4d58fa3c82072a55d8576aba1071678fd3a77904aa1856ee0ee518a8211eaf17e671586bb8feb8f7a853faffd2762e2ed4ff23fe9ae0fd19e072c1fe8f8aaa263eea8ccd4291559545c673cfedad9fbe453334ebce2cc348b660361b118c5a623e8d69cc71bba74c077cbc58d6953f814a2eb3ded9d1182fe7d14eac281c53ce2d50b69d96f