leserreisen.bnn.de

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:64:d5:32:2e:49:61:cb:b2:fd:52:bb:9d:13:06:65:1e:e9 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=leserreisen.bnn.de

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:64:d5:32:2e:49:61:cb:b2:fd:52:bb:9d:13:06:65:1e:e9
Serial Number (int): 295648480604124464043185506799404175400681
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 53:6f:84:9d:a4:65:5f:ee:c0:c1:66:d6:ca:d2:a3:74:14:ca:71:1f
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 49:a9:eb:d3:3b:3d:bc:e8:04:e0:e6:fb:be:67:90:cc:31:50:e9:3d
Fingerprint (sha256): 8d:a7:24:6a:ab:76:98:5b:f4:d1:31:f1:e5:82:60:2b:c9:80:6a:e4:ec:e2:d1:a3:47:b2:97:41:1b:9a:78:58

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate leserreisen.bnn.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for leserreisen.bnn.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

leserreisen.bnn.de

Other certificates including the domain name bnn.de

(limited to 100 certificates)
selbsteingabe.jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
bnn.de
appapi-elb.bnn.de
jobs.bnn.de
test.dev.bnn.de
printportal.bnn.de
www.ingedenken.de
*.staging.bnn.de
pageflow.bnn.de
sandbox.service.bnn.de
jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
kino.bnn.de
a.westfalen-blatt.de
pageflow.bnn.de
veranstaltungen.bnn.de
bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
selbsteingabe.jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
printportal.bnn.de
appapi.bnn.de
a.westfalen-blatt.de
selbsteingabe.jobs.bnn.de
api.geo-real.it
leserreisen.bnn.de
sandbox.service.bnn.de
stage.service.bnn.de
a.westfalen-blatt.de
pageflow.bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
api.geo-real.it
jobs.bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
veranstaltungen.bnn.de
bnn.de
dev.bnn.de
jobs.bnn.de
printportal.bnn.de
pageflow.bnn.de
www.bnn.de
www.bnn.de
api.geo-real.it
jobs.bnn.de
jobs.bnn.de
sandbox.service.bnn.de
jobs.bnn.de
api.geo-real.it
appapi-qa-elb.bnn.de
appapi-elb.bnn.de
pageflow.bnn.de
staging.bnn.de
jobs.bnn.de
*.bnn.de
pageflow.bnn.de
api.geo-real.it
veranstaltungen.bnn.de
*.bnn.de
pageflow.bnn.de
kino.bnn.de
pageflow.bnn.de
leserreisen.bnn.de
kino.bnn.de
jobs.bnn.de
stage.service.bnn.de
veranstaltungen.bnn.de
pageflow.bnn.de
jobs.bnn.de
pageflow.bnn.de
appapi-elb.bnn.de
sandbox.service.bnn.de
pageflow.bnn.de
appapi-qa-elb.bnn.de
selbsteingabe.jobs.bnn.de
leserreisen.bnn.de
pageflow.bnn.de
jobs.bnn.de
*.bnn.de
kino.bnn.de
*.bnn.de
api.geo-real.it
*.bnn.de
pageflow.bnn.de
jobs.bnn.de
veranstaltungen.bnn.de
veranstaltungen.bnn.de
www.ingedenken.de
kino.bnn.de
jobs.bnn.de
selbsteingabe.jobs.bnn.de

Certificate

The complete raw certificate details for leserreisen.bnn.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGXTCCBUWgAwIBAgISA2TVMi5JYcuy/VK7nRMGZR7pMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAyMDEyMjAwMzRaFw0y
MDA1MDEyMjAwMzRaMB0xGzAZBgNVBAMTEmxlc2VycmVpc2VuLmJubi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAML1W53HM/sm0bYPEN91TKsUrP8o
yr9XNtch5xm2YmsbVPoRrcEjARQGu+46zbUkOzKCRXsCft7iUoxZF4rjfPTAq5Vv
hCN7NLHSW/eGCjcSWj5aMfBvaFu6AUKbt3mvcTNnp0O9i26u5ytXHqORo0Kv11N4
mb3W/gF872kt0xyR7Ym/8a1VvZ/6mbeAb8lBqPLuDFT05gl4VoaJr0fxDGFE66FN
6Zhl9lwqe2586Ic14TJKtHfNTGnM1+r0pFTJ+3TNSY44dMN0eY9D3brrzG8LMmGP
9WO/9kNuI3zW16DiH/eYtAa8ea2nkVF7QxPxAFUe454ba5j59EdLOQ6rKsHzWyN+
FF2JrVIpfaxCl+ahN5lIEq+DSyibIrDn6Ys6ViT4/nrVw324SrnGgldRfPVsltsB
UjVh6K7bWxX3DoCxnyMIwKqG3eC0Fp/b45AS2fCFJkNwkiN9sOUGTxpIdgg1/xht
hZOgczn2aqu2hMWc/MEYDEq+UJcQ+IjJEHWyw3AnkQ3X8zaaNrme9/62C41E/NKl
fjiAVMWwThS2T8kSMsmtmxcfRY2Hts8iCUc3i6BGR4tlwpoIb5sdNwHkYMLRvmr3
ZSRa+pCGSaCXUClnS198PGUFPu+CW1HluqP5JuSC/aid1rc9Yuq9A7cW7PE3PLSW
wPes4jPiPPt3mF+LAgMBAAGjggJoMIICZDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FFNvhJ2kZV/uwMFm1srSo3QUynEfMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF
Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au
aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHQYDVR0RBBYwFIISbGVzZXJyZWlzZW4u
Ym5uLmRlMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW
eQIEAgSB9gSB8wDxAHcAB7dcG+V9aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwA
AAFwAvwAxAAABAMASDBGAiEAzMow7nMJgYxXjQzRtH0KcrEAZeSQADpe1Hvg7Re/
0NUCIQCWheZK8q3yGwTrbB2j/UXsKBpi17+9hmgLIVot/RUI+gB2APCVpFnyANGC
QBAtL5OIjq1L/h1H45nh0DSmsKiqjrJzAAABcAL8AnYAAAQDAEcwRQIgY0DTEo+0
v5oieQhopjfAlPRi3WBmhLgqjVenQCaQkPgCIQCDyuDxcoKr0tDntukNyYGlP0J5
h1kMgJgxVZDOq9IaQzANBgkqhkiG9w0BAQsFAAOCAQEAXBHEuy6NtqkU6nxmZXhi
yxqBnwMA63pBD6P/yzmPGRZzKuGIaly7b8PJvomil5kcvhmg1ONPD/eck7smW4cl
cI8YUOrNk9bCPEEmXfPmd3e05hHY9ZYvK93JskNLQN7sOpQbb97Wa37kgvS2rCwU
uUP6H377FfUVf3QSKr7z/Qc7/u5zo8iSXh6EV4smxoHw6pHdTOa5MXxJUAiuv4f+
hpmU8El/gGrBuV+/NBVm2L0RbYgnRGT2axKqnVDLNNVPcqLbIPlD1ihmg9E+to0e
sUsxGCbY1Lwiw4yzkg/BiATvwQjjxnwhH4g40j6Dc1GZD/HvPdbwbj8Rw0/zrlK4
+Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwvVbnccz+ybRtg8Q33VM
qxSs/yjKv1c21yHnGbZiaxtU+hGtwSMBFAa77jrNtSQ7MoJFewJ+3uJSjFkXiuN8
9MCrlW+EI3s0sdJb94YKNxJaPlox8G9oW7oBQpu3ea9xM2enQ72Lbq7nK1ceo5Gj
Qq/XU3iZvdb+AXzvaS3THJHtib/xrVW9n/qZt4BvyUGo8u4MVPTmCXhWhomvR/EM
YUTroU3pmGX2XCp7bnzohzXhMkq0d81MaczX6vSkVMn7dM1Jjjh0w3R5j0PduuvM
bwsyYY/1Y7/2Q24jfNbXoOIf95i0Brx5raeRUXtDE/EAVR7jnhtrmPn0R0s5Dqsq
wfNbI34UXYmtUil9rEKX5qE3mUgSr4NLKJsisOfpizpWJPj+etXDfbhKucaCV1F8
9WyW2wFSNWHorttbFfcOgLGfIwjAqobd4LQWn9vjkBLZ8IUmQ3CSI32w5QZPGkh2
CDX/GG2Fk6BzOfZqq7aExZz8wRgMSr5QlxD4iMkQdbLDcCeRDdfzNpo2uZ73/rYL
jUT80qV+OIBUxbBOFLZPyRIyya2bFx9FjYe2zyIJRzeLoEZHi2XCmghvmx03AeRg
wtG+avdlJFr6kIZJoJdQKWdLX3w8ZQU+74JbUeW6o/km5IL9qJ3Wtz1i6r0Dtxbs
8Tc8tJbA96ziM+I8+3eYX4sCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 295648480604124464043185506799404175400681
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-01 22:00:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-01 22:00:34 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'leserreisen.bnn.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 795360999213087572020991364397322692220239198946469497439885422590584240798221687038692129544047994714676157806029073868421245699638152733417567235352006829716332622923174088449883905658126517539095515363003781809103705414070075355201289616616296301722255324467852921592761830860839787050008338022942641149750352286808157748459772865060411011071165694930785513980667126111129399644410642801073476141470714241200907807636649687721366696680037641863005906359553216130778628427828517280037900654264129446689836983281580965490248158710231852220757732089115402717837285514497345333379659482240482525209100498202926278153045562002644171765601694184837777744210851614486802122144004137864324953641659395834188006117570586993256870786182364980524639352326262923160759047453371916724941069877688405668803278270636124761110395333739221471216766822566442937771242071980735770373247205863747863945495271085423247175127219855324968636962204316626523617130418890741900812799853686034701472860888259015969839127172521925050585290660228763089947359114954942816452621185162839851383764332709527309422911385680463683171954095184893845000834466444117792088896248342705248878859016492227572525358799125997473166822287276123840974002892152505818668359563
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							536f849da4655feec0c166d6cad2a37414ca711f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leserreisen.bnn.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f100770007b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c0000017002fc00c40000040300483046022100ccca30ee7309818c578d0cd1b47d0a72b10065e490003a5ed47be0ed17bfd0d50221009685e64af2adf21b04eb6c1da3fd45ec281a62d7bfbd86680b215a2dfd1508fa007600f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb2730000017002fc0276000004030047304502206340d3128fb4bf9a22790868a637c094f462dd606684b82a8d57a740269090f802210083cae0f17282abd2d0e7b6e90dc981a53f427987590c8098315590ceabd21a43
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005c11c4bb2e8db6a914ea7c66657862cb1a819f0300eb7a410fa3ffcb398f1916732ae1886a5cbb6fc3c9be89a297991cbe19a0d4e34f0ff79c93bb265b8725708f1850eacd93d6c23c41265df3e67777b4e611d8f5962f2bddc9b2434b40deec3a941b6fded66b7ee482f4b6ac2c14b943fa1f7efb15f5157f74122abef3fd073bfeee73a3c8925e1e84578b26c681f0ea91dd4ce6b9317c495008aebf87fe869994f0497f806ac1b95fbf341566d8bd116d88274464f66b12aa9d50cb34d54f72a2db20f943d6286683d13eb68d1eb14b311826d8d4bc22c38cb3920fc18804efc108e3c67c211f8838d23e837351990ff1ef3dd6f06e3f11c34ff3ae52b8f9