www1.vericlaim.co.za
- Business Genetics -
Issued by Thawte SSL CA
About this certificate
This digital certificate with serial number 3f:fd:4b:cc:72:01:db:14:26:81:83:17:b3:4f:8f:b8 was issued on by Thawte, Inc..
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)
Business Genetics
Organization:
Business Genetics
Organization unit: VeriClaim
Organization unit: VeriClaim
State / Province:
Gauteng
Locality: Johannesburg
Country: ZA
Locality: Johannesburg
Country: ZA
Thawte, Inc.
Organization:
Thawte, Inc.
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 3f:fd:4b:cc:72:01:db:14:26:81:83:17:b3:4f:8f:b8Serial Number (int): 85056552218207972783586950869312049080
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId:
AuthorityKeyId: a7:a2:83:bb:34:45:40:3d:fc:d5:30:4f:12:b9:3e:a1:01:9f:f6:db
Fingerprint (sha1): 7e:6f:fa:0b:1d:b3:a1:b9:b2:18:c6:40:92:ab:01:5e:9b:93:fc:6d
Fingerprint (sha256): 80:f2:d1:25:48:0c:44:1f:70:84:ec:8b:c3:63:fd:cd:8e:ae:8e:cd:24:b3:c2:38:87:ec:58:c5:ff:5f:e7:89
Issuing Certificate URL: http://svr-ov-aia.thawte.com/ThawteOV.cer
Revocation information
OCSP Server: http://ocsp.thawte.comCRL Distribution Point: http://svr-ov-crl.thawte.com/ThawteOV.crl
Check the revocation status for certificate www1.vericlaim.co.za
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www1.vericlaim.co.za
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA1 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www1.vericlaim.co.za
Other certificates including the domain name vericlaim.co.za
(limited to 100 certificates)
www4.vericlaim.co.za
*.vericlaim.co.za
www.vericlaim.co.za
uat.vericlaim.co.za
training.vericlaim.co.za
*.vericlaim.co.za
www3.vericlaim.co.za
www2.vericlaim.co.za
prod.vericlaim.co.za
www2.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
www.vericlaim.co.za
www.vericlaim.co.za
www1.vericlaim.co.za
www1.vericlaim.co.za
www2.vericlaim.co.za
www3.vericlaim.co.za
www3.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
www3.vericlaim.co.za
www3.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
stage.vericlaim.co.za
*.vericlaim.co.za
www1.vericlaim.co.za
stage.vericlaim.co.za
stage.vericlaim.co.za
training.vericlaim.co.za
uat.vericlaim.co.za
*.vericlaim.co.za
www.vericlaim.co.za
uat.vericlaim.co.za
training.vericlaim.co.za
*.vericlaim.co.za
www3.vericlaim.co.za
www2.vericlaim.co.za
prod.vericlaim.co.za
www2.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
www.vericlaim.co.za
www.vericlaim.co.za
www1.vericlaim.co.za
www1.vericlaim.co.za
www2.vericlaim.co.za
www3.vericlaim.co.za
www3.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
www3.vericlaim.co.za
www3.vericlaim.co.za
*.vericlaim.co.za
*.vericlaim.co.za
stage.vericlaim.co.za
*.vericlaim.co.za
www1.vericlaim.co.za
stage.vericlaim.co.za
stage.vericlaim.co.za
training.vericlaim.co.za
uat.vericlaim.co.za
Certificate
The complete raw certificate details for www1.vericlaim.co.za in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIEuTCCA6GgAwIBAgIQP/1LzHIB2xQmgYMXs0+PuDANBgkqhkiG9w0BAQUFADA8 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1U aGF3dGUgU1NMIENBMB4XDTE0MDEyOTAwMDAwMFoXDTE1MDEzMTIzNTk1OVowgYUx CzAJBgNVBAYTAlpBMRAwDgYDVQQIEwdHYXV0ZW5nMRUwEwYDVQQHFAxKb2hhbm5l c2J1cmcxGjAYBgNVBAoUEUJ1c2luZXNzIEdlbmV0aWNzMRIwEAYDVQQLFAlWZXJp Q2xhaW0xHTAbBgNVBAMUFHd3dzEudmVyaWNsYWltLmNvLnphMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP/+w/MFeAbF0c0tvKWyoRHyy0BBQ7KQRo9d NdVQWIqrxrMgFMhabNu/uOTJI0tV2T0dLJKaJG1vUQyYrVIblJ4q45LroTxKbRzJ +9CFMRtGCG/3jR0OOqN3i9pM3Mz1+5cuZ9ttAXaMjdJ2NPYPtCmo/F3Sl76EFBgm 2yJSPMFp9Kh9eNOKUNtTfr56MCzfUxF1DiexP0Q1B9F5jtKbX8iDCuUW2DtBFWF/ tMkZH0uUG58R/XT27CSpRkQLqFn0BIG/MWOttJjuBdxM7jPozNVh5BoToxC0Aw3V w8rg5XZbyFpyEH4+chsomxNDnECScXIIMCkS4dTvYwMI2yqQfQIDAQABo4IBazCC AWcwHwYDVR0RBBgwFoIUd3d3MS52ZXJpY2xhaW0uY28uemEwCQYDVR0TBAIwADBC BgNVHSAEOzA5MDcGCmCGSAGG+EUBBzYwKTAnBggrBgEFBQcCARYbaHR0cHM6Ly93 d3cudGhhd3RlLmNvbS9jcHMvMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAWgBSn ooO7NEVAPfzVME8SuT6hAZ/22zA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vc3Zy LW92LWNybC50aGF3dGUuY29tL1RoYXd0ZU9WLmNybDAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwaQYIKwYBBQUHAQEEXTBbMCIGCCsGAQUFBzABhhZodHRw Oi8vb2NzcC50aGF3dGUuY29tMDUGCCsGAQUFBzAChilodHRwOi8vc3ZyLW92LWFp YS50aGF3dGUuY29tL1RoYXd0ZU9WLmNlcjANBgkqhkiG9w0BAQUFAAOCAQEAFUVY 1S8P/o4TNCySjBU1Y1tsYyLiqMm0AWvCnAmNa3/x5FrZCxAfSCT5g+qs6+xW1DzN w56oYnca2Qu+4CgWv9v2Qs8hYE9TX3/ZmEi/ss0NFdjHG6kedBQ7EbljPXbDZZWH C5IqTRhPsVgaV1vp/PzRWsaJNb/fXUEQK7S/T4XtFKthZczA51D1jlwRMb9hRK4l D0nHtHR4wN5hzU7G4IZz0XC0i8RK6DOBwZN8Ww+x3rs9CPL/tSs5XjiKGYS6Z8Xf O1ZtsTnQiyTVSvd2PfnqSwUe/8dwN/sHDN9A2Bsf/vDuUr8ptkqQaN3fwQ7YvFIi a/9s4o3mNQoUAVtSjA== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP/+w/MFeAbF0c0tvKWy oRHyy0BBQ7KQRo9dNdVQWIqrxrMgFMhabNu/uOTJI0tV2T0dLJKaJG1vUQyYrVIb lJ4q45LroTxKbRzJ+9CFMRtGCG/3jR0OOqN3i9pM3Mz1+5cuZ9ttAXaMjdJ2NPYP tCmo/F3Sl76EFBgm2yJSPMFp9Kh9eNOKUNtTfr56MCzfUxF1DiexP0Q1B9F5jtKb X8iDCuUW2DtBFWF/tMkZH0uUG58R/XT27CSpRkQLqFn0BIG/MWOttJjuBdxM7jPo zNVh5BoToxC0Aw3Vw8rg5XZbyFpyEH4+chsomxNDnECScXIIMCkS4dTvYwMI2yqQ fQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 85056552218207972783586950869312049080 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte SSL CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-01-29 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-01-31 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ZA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gauteng' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Johannesburg' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Business Genetics' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'VeriClaim' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'www1.vericlaim.co.za' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21839224381039645095292132399482031692339402696831217640289697957809560003080776419672387741827860053673607572528563569994683479924938769246798894191368827834618468988051103478899416451399064170855092478556079012555208526970429823961526721840487548295975605769989370674068120470656272193785075530909720668110138774834932107834015118526315436186340932120288621930011684413456906381488904635129919261817294164077293405345142724668942934342477214964496316701854905880492312991596250266711682655485057165323175729387342052021705899994206474420507055658717467943292994081971486403964164829409389338268244289725140304564349 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www1.vericlaim.co.za' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (59 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.thawte.com/cps/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a7a283bb3445403dfcd5304f12b93ea1019ff6db . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://svr-ov-crl.thawte.com/ThawteOV.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (93 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.thawte.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://svr-ov-aia.thawte.com/ThawteOV.cer' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00154558d52f0ffe8e13342c928c1535635b6c6322e2a8c9b4016bc29c098d6b7ff1e45ad90b101f4824f983eaacebec56d43ccdc39ea862771ad90bbee02816bfdbf642cf21604f535f7fd99848bfb2cd0d15d8c71ba91e74143b11b9633d76c36595870b922a4d184fb1581a575be9fcfcd15ac68935bfdf5d41102bb4bf4f85ed14ab6165ccc0e750f58e5c1131bf6144ae250f49c7b47478c0de61cd4ec6e08673d170b48bc44ae83381c1937c5b0fb1debb3d08f2ffb52b395e388a1984ba67c5df3b566db139d08b24d54af7763df9ea4b051effc77037fb070cdf40d81b1ffef0ee52bf29b64a9068dddfc10ed8bc52226bff6ce28de6350a14015b528c