www.4dnucleome.org

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:32:fb:02:4d:04:7a:0f:d4:71:b6:4b:41:ea:a2:1b:e2:4a was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.4dnucleome.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:32:fb:02:4d:04:7a:0f:d4:71:b6:4b:41:ea:a2:1b:e2:4a
Serial Number (int): 278684624314963622506355031938352109314634
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 32:3b:1d:32:83:34:33:e3:e1:33:4b:30:68:f4:6c:14:af:c5:aa:8e
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): c8:f4:3d:13:e2:97:0f:02:6d:e8:c8:43:5c:0e:38:40:c1:31:26:f5
Fingerprint (sha256): 98:f6:72:f6:15:ab:0b:16:b3:57:06:74:3a:2e:26:a5:04:ff:7c:37:bc:0d:10:e5:c7:9d:0f:92:08:68:e4:18

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate www.4dnucleome.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.4dnucleome.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

4dnucleome.org
www.4dnucleome.org

Other certificates including the domain name 4dnucleome.org

(limited to 100 certificates)
jupyter.4dnucleome.org
foursight.4dnucleome.org
dcic.4dnucleome.org
jupyter.4dnucleome.org
dcic.4dnucleome.org
4dnucleome.org
beta.4dnucleome.org
4dnucleome.org
beta.4dnucleome.org
www.4dnucleome.org
4dnucleome.org
www.4dnucleome.org
higlass.4dnucleome.org
beta.4dnucleome.org
testportal.4dnucleome.org
beta.4dnucleome.org
dcic.4dnucleome.org
dcic.4dnucleome.org
dcic.4dnucleome.org
dcic.4dnucleome.org
4dnucleome.org
foursight.4dnucleome.org
testportal.4dnucleome.org
archive.4dnucleome.org
www.4dnucleome.org
beta.4dnucleome.org
jupyter.4dnucleome.org
beta.4dnucleome.org
4dnucleome.org
foursight.4dnucleome.org
data.4dnucleome.org
4dnucleome.org
imperva.com
higlass.4dnucleome.org
dcic.4dnucleome.org
mastertest.4dnucleome.org
higlass.4dnucleome.org
4dnucleome.org
4dnucleome.org
dcic.4dnucleome.org
4dnucleome.org
4dnucleome.org
4dnucleome.org
www.4dnucleome.org
data.4dnucleome.org
www.4dnucleome.org
imperva.com
4dnucleome.org
testportal.4dnucleome.org
data.4dnucleome.org
mastertest.4dnucleome.org
www.4dnucleome.org
www.4dnucleome.org
higlass.4dnucleome.org
www.4dnucleome.org
4dnucleome.org
foursight.4dnucleome.org
data.4dnucleome.org
data.4dnucleome.org
archive.4dnucleome.org
www.4dnucleome.org
archive.4dnucleome.org
dcic.4dnucleome.org
4dnucleome.org
archive.4dnucleome.org
testportal.4dnucleome.org
staging.4dnucleome.org
archive.4dnucleome.org
4dnucleome.org
4dnucleome.org
foursight.4dnucleome.org
higlass.4dnucleome.org
jupyter.4dnucleome.org
data.4dnucleome.org
4dnucleome.org

Certificate

The complete raw certificate details for www.4dnucleome.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAzL7Ak0Eeg/UcbZLQeqiG+JKMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA5MjcwODU5MDBaFw0x
NzEyMjYwODU5MDBaMB0xGzAZBgNVBAMTEnd3dy40ZG51Y2xlb21lLm9yZzCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALHjYmzwke/mGXWx3wr/Dm1ShJoq
wlxB0DkwcLTjK9E39ZR+79YIMVd54AP2y28ovm7rFSRYIlU5gKgPDNXbgkhsNGOg
QedKrm0oW3CEo1Jh/lf0G2nlRjiq3CC26KLcYGrwLe+v+Ht4nnxOWqfbjTb2eK03
Fq/khEmFgfnMZgcYAvwJcmk5FrSK/WoHsG0NthIsRZbDgvAAWD0vrtEALrQwC24g
8vK9AdBm6pZWE9DI/oIPLGuHzES8iu0WdoyztMwa4H1KJ4brF3sh7jOmj4uiCrYq
sHxbJCps6brGdnUFAA5nAEnMnxjTtuCcPecQY1dKrJay8OuNMhqyF/UmNhaEpYLX
OlGJNa55ikJ4BIHcwrPDkbevO0XQldW/J9zXnb5g5wdj2AkKCBGuDd5mXScKdsWy
+bQ5XXR6nx2V2MDnh075VtCTGS75OAZ5tJQbOSFFvBzFobY2wSRdvLG2ssU8kcFd
n5JvAzOPGVeIhH2rdVMg3HaWMktMW0j0QW3mmQ/wwA4cZXQnR9MHdIM00oz0bKQi
oYmElVgOV488I8XuLLuassDl11mBecou/oTlm4uzoGUEWsHl/pTBo/g8DQpfatVy
O2o7APAPZ4owWaF46XkPkbynAiQszqzAZzgvtJ7HGx6ckHJBQyjZyx9QyQM6N04A
2d562U7pIJxcaiQZAgMBAAGjggIiMIICHjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FDI7HTKDNDPj4TNLMGj0bBSvxaqOMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF
Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au
aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIONGRudWNsZW9tZS5v
cmeCEnd3dy40ZG51Y2xlb21lLm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB
5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu
Y3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5
IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5
IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k
IGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3
DQEBCwUAA4IBAQAf5ENL2x9FLulFZs1pmHH6Hr5S9osR2V2GWJDPCdjcUIGy8g+O
YzTlikMo3gqU7pPVpFq6XKMR1eZ52eFYKitTa9uzpgPsRAZEg8KhlVWjJj4RAS/M
ciXTpc79S+Crrs94+bXlB4lLBoEweSsprnhFCleZycv1aAmJuuTD7zg5L2Ie/DZk
aunt7vnO/i1bCIApYrq/ukDL8TTw8MJv56a95IDcK07cCzO1tBq/JExGVlfQlkkR
M5KC/C1i5Ws+k5P9kHRqoENybUMfo1hKwxmooOH4lplPuGU8LWrYcOoQOtYmZb2q
RxAP8qJOjBhIgrq665a1b0vbJ0pXt1KGpkP0
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAseNibPCR7+YZdbHfCv8O
bVKEmirCXEHQOTBwtOMr0Tf1lH7v1ggxV3ngA/bLbyi+busVJFgiVTmAqA8M1duC
SGw0Y6BB50qubShbcISjUmH+V/QbaeVGOKrcILbootxgavAt76/4e3iefE5ap9uN
NvZ4rTcWr+SESYWB+cxmBxgC/AlyaTkWtIr9agewbQ22EixFlsOC8ABYPS+u0QAu
tDALbiDy8r0B0GbqllYT0Mj+gg8sa4fMRLyK7RZ2jLO0zBrgfUonhusXeyHuM6aP
i6IKtiqwfFskKmzpusZ2dQUADmcAScyfGNO24Jw95xBjV0qslrLw640yGrIX9SY2
FoSlgtc6UYk1rnmKQngEgdzCs8ORt687RdCV1b8n3NedvmDnB2PYCQoIEa4N3mZd
Jwp2xbL5tDlddHqfHZXYwOeHTvlW0JMZLvk4Bnm0lBs5IUW8HMWhtjbBJF28sbay
xTyRwV2fkm8DM48ZV4iEfat1UyDcdpYyS0xbSPRBbeaZD/DADhxldCdH0wd0gzTS
jPRspCKhiYSVWA5Xjzwjxe4su5qywOXXWYF5yi7+hOWbi7OgZQRaweX+lMGj+DwN
Cl9q1XI7ajsA8A9nijBZoXjpeQ+RvKcCJCzOrMBnOC+0nscbHpyQckFDKNnLH1DJ
Azo3TgDZ3nrZTukgnFxqJBkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 278684624314963622506355031938352109314634
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-27 08:59:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-26 08:59:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.4dnucleome.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 725720623960382825656904391362321625769552211827820632983732680235727324750440775142479718036894924868559088836006274575970926841024382731893915519401510736912596133927256447359568804540034417199462512665811804249131864721920946345052640611664630113031623835139153281391397263670135722348422922349594200300084833145510755174834446904541832943180706300042300891042466294079045508047915979017277579466064086792452503936555593901054682712991455516135703871809467382852950868478492480621721178077336803979254323818914242758072767083461047783031376321466709983803240723951892050982473449175384274333941078823273258145184692659706786770893271386735365245349635029874423123826375577709209146131077243235774799057798108001447218418584967766946722295052727881053357861161923662987496216036449489359179129757134144859443747165060600089788885644549027197675271894134075421356280464100603565351503646949440884922836741218124634924031775112348576200471577504816400223868074872247030339634725817946474746685634964352312028858293978123871118115835705800135608184477562544660624855694494453404032481265964189578446767099027949350306143236526544352224832100927585715808380812218620577557512697517524315590129030480382490047640812054420041536564241433
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							323b1d32833433e3e1334b3068f46c14afc5aa8e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '4dnucleome.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.4dnucleome.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001fe4434bdb1f452ee94566cd699871fa1ebe52f68b11d95d865890cf09d8dc5081b2f20f8e6334e58a4328de0a94ee93d5a45aba5ca311d5e679d9e1582a2b536bdbb3a603ec44064483c2a19555a3263e11012fcc7225d3a5cefd4be0abaecf78f9b5e507894b068130792b29ae78450a5799c9cbf5680989bae4c3ef38392f621efc36646ae9edeef9cefe2d5b08802962babfba40cbf134f0f0c26fe7a6bde480dc2b4edc0b33b5b41abf244c465657d0964911339282fc2d62e56b3e9393fd90746aa043726d431fa3584ac319a8a0e1f896994fb8653c2d6ad870ea103ad62665bdaa47100ff2a24e8c184882babaeb96b56f4bdb274a57b75286a643f4