leserreisen.bnn.de

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 04:5f:f6:36:81:d2:62:29:1b:34:b0:62:48:54:d2:81:94:d8 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=leserreisen.bnn.de

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:5f:f6:36:81:d2:62:29:1b:34:b0:62:48:54:d2:81:94:d8
Serial Number (int): 381103241688622723025400390030091064808664
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 86:2d:d3:3d:5f:a5:26:bc:0d:01:12:6a:9a:ca:59:b7:5e:87:93:e4
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 0b:f8:8d:53:0b:2f:d7:49:4f:5d:49:d1:b6:01:87:6c:d8:23:c8:75
Fingerprint (sha256): a2:e2:15:c0:81:5a:f3:0f:f7:fb:ed:8c:a0:ee:24:4f:0b:eb:23:39:6d:2c:14:48:0d:b4:f7:af:80:75:f6:ff

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate leserreisen.bnn.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for leserreisen.bnn.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

leserreisen.bnn.de

Other certificates including the domain name bnn.de

(limited to 100 certificates)
selbsteingabe.jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
pageflow.bnn.de
bnn.de
appapi-elb.bnn.de
jobs.bnn.de
test.dev.bnn.de
printportal.bnn.de
www.ingedenken.de
*.staging.bnn.de
pageflow.bnn.de
sandbox.service.bnn.de
jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
kino.bnn.de
a.westfalen-blatt.de
pageflow.bnn.de
veranstaltungen.bnn.de
bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
selbsteingabe.jobs.bnn.de
pageflow.bnn.de
pageflow.bnn.de
printportal.bnn.de
appapi.bnn.de
a.westfalen-blatt.de
selbsteingabe.jobs.bnn.de
api.geo-real.it
leserreisen.bnn.de
sandbox.service.bnn.de
stage.service.bnn.de
a.westfalen-blatt.de
pageflow.bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
api.geo-real.it
jobs.bnn.de
pageflow.bnn.de
selbsteingabe.jobs.bnn.de
veranstaltungen.bnn.de
bnn.de
dev.bnn.de
jobs.bnn.de
printportal.bnn.de
pageflow.bnn.de
www.bnn.de
www.bnn.de
api.geo-real.it
jobs.bnn.de
jobs.bnn.de
sandbox.service.bnn.de
jobs.bnn.de
api.geo-real.it
appapi-qa-elb.bnn.de
appapi-elb.bnn.de
pageflow.bnn.de
staging.bnn.de
jobs.bnn.de
*.bnn.de
pageflow.bnn.de
api.geo-real.it
veranstaltungen.bnn.de
*.bnn.de
pageflow.bnn.de
kino.bnn.de
pageflow.bnn.de
leserreisen.bnn.de
kino.bnn.de
jobs.bnn.de
stage.service.bnn.de
veranstaltungen.bnn.de
pageflow.bnn.de
jobs.bnn.de
pageflow.bnn.de
appapi-elb.bnn.de
sandbox.service.bnn.de
pageflow.bnn.de
appapi-qa-elb.bnn.de
selbsteingabe.jobs.bnn.de
leserreisen.bnn.de
pageflow.bnn.de
jobs.bnn.de
*.bnn.de
kino.bnn.de
*.bnn.de
api.geo-real.it
*.bnn.de
pageflow.bnn.de
jobs.bnn.de
veranstaltungen.bnn.de
veranstaltungen.bnn.de
www.ingedenken.de
kino.bnn.de
jobs.bnn.de
selbsteingabe.jobs.bnn.de

Certificate

The complete raw certificate details for leserreisen.bnn.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgISBF/2NoHSYikbNLBiSFTSgZTYMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMjIyMjMwMzBaFw0y
MDA2MjAyMjMwMzBaMB0xGzAZBgNVBAMTEmxlc2VycmVpc2VuLmJubi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO9Lroz9HGgWpx8399fjVFGZRgkf
vlpyD9BB/Sq762tfL8L0TQhPyeT4/aq2Lh/+OiGM25wXL4G+GSSy7rcYjtqX4deG
45S3ErAZUNPUyeorIc8KucMAhc+fEh39kpMtcg8I1Gv2zFAZ2thSDMqXpdMepdzw
N+b24lzpf3UrYUMLDX2iDExPSHwBTNoHiKV1uxjsehkjMbHcplClPxEUAx4YJ1e9
CxrUJ+y2fcwq49CELdyp6F2elLdGzwMEFY0u7VOlPSMwV+8HVzd3JUj8OanAbgHG
/yL5dWAq2vVx3H9IDQEksvA91HS9I3uHx0V0FxBsGILrpyChxDmBY64+zw/hcgIF
IyXkmjfx4U59F5prSo6JKDKoiCELkoXJBu60cegUjVtIBaJ7oFTykqo4Iv8XIAMd
fHiOFVv95kQ6t+iaFhWHIsP8MFIGEWJSr+LSWU1xNgwz+SiFmcHQfAJEuUQ0h+cr
shUm27Fzsa6a7sVB1NVZN0/CQ3F7aCUeAFSBllJzAO8WxQjYp/lwPUCb/FjBwXEH
9k0+mp43+j31axP7pImsXnDKoKlztFkA9xf7ovn4tADWmUU5dIGEDpGMAfl+379j
gvtu4pXKD6rgsTGyVpOi1tUsO5x36S1z4+v3DFZ0lZ3YvgP83SjAHC5j1/KLsZnr
2HniCA05lem4E3m5AgMBAAGjggJpMIICZTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FIYt0z1fpSa8DQESaprKWbdeh5PkMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF
Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au
aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHQYDVR0RBBYwFIISbGVzZXJyZWlzZW4u
Ym5uLmRlMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHW
eQIEAgSB9wSB9ADyAHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4A
AAFxBJVe2wAABAMASDBGAiEAsj0bpOOOH7TbFdvbUwmnw8Atb9I0L85uPd8Vr1SM
GVMCIQDVDtFnBgeAatAt1KhIz3b6p7JnoXCfLbhhbRjeV6HQEQB3AOcS8rA3fhpi
+47JDGGE8ep7N8tWHREmW/Pg80vyQVRuAAABcQSVXuUAAAQDAEgwRgIhAMaUhnvR
9/Tu4tvjeiTuUdPKdtYWDXn0D4w3gY6RcHFjAiEAtyVaAoUk7WEwiXC63sAgLQpO
HTeS237M05EPVS1+54YwDQYJKoZIhvcNAQELBQADggEBAEG5wncX+xRgvLMUcbV7
NW9JEj4ZRfoVNJGPu3dldDy+lACNKfqqZbYhcpeIKFtBWgQHZB1XaHUDOe2KxVb4
qrQBZOcONuxnISag1g926cs+uIbJzoOL6QWjdhyqMLJy8j2XiIf5WAAX6irfdiFc
JE4VvoOO/iunw3aRNgeMGTUfPx3NG/jQrz1QFDN/mYz+fqWH8JUxVECLZaX9A7bf
yPKuHdtO55QvfwhR3P36tn//KgVsHMunQyb2U2IaiiIO07jDd7eeElUAegVSEyqe
EDY90waJUeBQJYKFhKs7goSuYG+Kc8dztLwlUqvz3f4BOt6Nrpho4ulWD1sscTS2
6ig=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA70uujP0caBanHzf31+NU
UZlGCR++WnIP0EH9Krvra18vwvRNCE/J5Pj9qrYuH/46IYzbnBcvgb4ZJLLutxiO
2pfh14bjlLcSsBlQ09TJ6ishzwq5wwCFz58SHf2Sky1yDwjUa/bMUBna2FIMypel
0x6l3PA35vbiXOl/dSthQwsNfaIMTE9IfAFM2geIpXW7GOx6GSMxsdymUKU/ERQD
HhgnV70LGtQn7LZ9zCrj0IQt3KnoXZ6Ut0bPAwQVjS7tU6U9IzBX7wdXN3clSPw5
qcBuAcb/Ivl1YCra9XHcf0gNASSy8D3UdL0je4fHRXQXEGwYguunIKHEOYFjrj7P
D+FyAgUjJeSaN/HhTn0XmmtKjokoMqiIIQuShckG7rRx6BSNW0gFonugVPKSqjgi
/xcgAx18eI4VW/3mRDq36JoWFYciw/wwUgYRYlKv4tJZTXE2DDP5KIWZwdB8AkS5
RDSH5yuyFSbbsXOxrpruxUHU1Vk3T8JDcXtoJR4AVIGWUnMA7xbFCNin+XA9QJv8
WMHBcQf2TT6anjf6PfVrE/ukiaxecMqgqXO0WQD3F/ui+fi0ANaZRTl0gYQOkYwB
+X7fv2OC+27ilcoPquCxMbJWk6LW1Sw7nHfpLXPj6/cMVnSVndi+A/zdKMAcLmPX
8ouxmevYeeIIDTmV6bgTebkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 381103241688622723025400390030091064808664
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-22 22:30:30 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-20 22:30:30 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'leserreisen.bnn.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 976241006338009040445068319586626108395751231018962811979604866852580027893517204264060215246199012475369835760199129086206918149803194265873266363544357031368886704667313152690779982000416516245478873377480615235639516145321891650399010290788389521734804936220959851047602779816249679110995611885224465601820736399091827573513688775767030512004453684396176843316042928544030262691360749908833120057038276405030189222092778613976052387829867380840911760531696197597726065639710903808417335506953960843629498865204135055482868952544979844237332547203478969520794281633501562554581556732533480469398489742573825511193661160113707081192546159911583855829232608106431026985735678979282629718288909973582456417449757853079253510260404147094184754221133661264715429526446068125299539324291081924879430179435786560614313790867329947772867375091751432997336121360502947341042458246135904148815678426872555045754568471121445952803954911037988179671346948923486750828502471535992468946485183768050013816576400121890251434673596883505781364471665749441567283166567711236189043894176912330416825134800841262113249669947217277139911793775690440846404253294700866850828244561614376488994353367809245985796022564877028611689236270918382449797069241
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							862dd33d5fa526bc0d01126a9aca59b75e8793e4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leserreisen.bnn.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e0000017104955edb0000040300483046022100b23d1ba4e38e1fb4db15dbdb5309a7c3c02d6fd2342fce6e3ddf15af548c1953022100d50ed1670607806ad02dd4a848cf76faa7b267a1709f2db8616d18de57a1d011007700e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e0000017104955ee50000040300483046022100c694867bd1f7f4eee2dbe37a24ee51d3ca76d6160d79f40f8c37818e91707163022100b7255a028524ed61308970badec0202d0a4e1d3792db7eccd3910f552d7ee786
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0041b9c27717fb1460bcb31471b57b356f49123e1945fa1534918fbb7765743cbe94008d29faaa65b621729788285b415a0407641d5768750339ed8ac556f8aab40164e70e36ec672126a0d60f76e9cb3eb886c9ce838be905a3761caa30b272f23d978887f9580017ea2adf76215c244e15be838efe2ba7c3769136078c19351f3f1dcd1bf8d0af3d5014337f998cfe7ea587f0953154408b65a5fd03b6dfc8f2ae1ddb4ee7942f7f0851dcfdfab67fff2a056c1ccba74326f653621a8a220ed3b8c377b79e1255007a0552132a9e10363dd3068951e05025828584ab3b8284ae606f8a73c773b4bc2552abf3ddfe013ade8dae9868e2e9560f5b2c7134b6ea28