agefa.org
Issued by R3
About this certificate
This digital certificate with serial number 03:97:12:c1:63:7f:3c:e3:15:86:be:22:54:36:d9:8e:da:fc was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=agefa.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:97:12:c1:63:7f:3c:e3:15:86:be:22:54:36:d9:8e:da:fcSerial Number (int): 312744425435599644659518375664526275042044
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: f0:9f:55:d3:a7:76:72:32:0d:96:7e:9c:ea:7c:d9:f7:e8:92:19:65
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): a5:f1:73:9b:66:7b:42:e3:b6:40:e7:42:79:a4:f4:30:82:be:b4:17
Fingerprint (sha256): a7:4b:dd:f7:4c:68:33:de:b5:8a:2c:76:46:66:a6:b5:5c:ea:c9:3a:8d:3d:1f:5d:5b:65:26:10:57:14:cc:ea
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate agefa.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for agefa.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
agefa.org
www.agefa.org
www.agefa.org
Other certificates including the domain name agefa.org
(limited to 100 certificates)
Certificate
The complete raw certificate details for agefa.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF7TCCBNWgAwIBAgISA5cSwWN/POMVhr4iVDbZjtr8MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzExMDgxNTQ1MTBaFw0yNDAyMDYxNTQ1MDlaMBQxEjAQBgNVBAMT CWFnZWZhLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMHSmcC7 YgZU/JrXV1YVVL1VbnZTUtXQdQsaxI37a2bhV5y0SLQpCpch2MDa8JW8z8KIhH8I m/CHG6yYRXRxjev1TKehwCjhwfufPw99+QeEgKJk/lCpN2BJ3TaF5Yvwqfrv2JCg JTx4t+oE6WvtMqh99vQJtQihih1dNZgdoNF4Qa1MOGlCwK3KHb+KFvNUl84PvnjQ CMmosRJ9Q7PGc0ZufYsQkmqa7rP/VfKs5R7gDp8j0cwBp6r8zjDcYS7EigXLM5nQ vUVqwcKW4U5EMwUu9lZsMgy+gEpiCHRt3r20fqs2QRZ3po6mDJDYdOybpk60PT1K rnmdz94/KBemYsETtnICsJWNeqSXcHg+dt4D21SauYbsqK2oMbTpsGvEQFA0PnfJ 7lmG+zByTlz2LMes9wdPRNtEGptFHUYnGtqqKRYiGIxbhKL7cCihASuKGt5AwVcj WCKqwfzPuALFDaeCyWVr7xcJxMKy7Ckr8tz1bZE1WfObzWuiYmHMpqPiU0b7ALfw XxhYhZOxsz1eHAhzjZepu1x6GH3QOD7ncH7xTysXInrAA3Ep5V8CSzCnM7A1iYYi jnruw7rXXRV/QjYGkJX8M994ko7BToIuBTHEU2zYkI5iNsmfkzTlp+mTLSA/GQ+d l3u1v+W3cuuhetb6zGWguZVVXcrseyOPB+DdAgMBAAGjggIZMIICFTAOBgNVHQ8B Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB /wQCMAAwHQYDVR0OBBYEFPCfVdOndnIyDZZ+nOp82ffokhllMB8GA1UdIwQYMBaA FBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcw AYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMu aS5sZW5jci5vcmcvMCMGA1UdEQQcMBqCCWFnZWZhLm9yZ4INd3d3LmFnZWZhLm9y ZzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2 AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABi6/S0UAAAAQDAEcw RQIgKffNcCbYYRpiiPZysD0W0TTP8T6x/lvMdMUc+XXRCiICIQCF1KO3W1GN80G9 tS2J6AqaTZ4BpFD4aOZiIJ4msVA32QB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9 AA0tcm/h+tQXAAABi6/S0TgAAAQDAEYwRAIgXYXs7S7FlJOUNpVgEEYWCqPdSGRz C+xUWexMe8fPnWECIB6yZXYxRInDSPetFtTcBNiTjxH9vzOAaig/X9HdcbAVMA0G CSqGSIb3DQEBCwUAA4IBAQCJm/sd4GiBWLuZIuef0yu4qgVUoTVNsoWj1lDcsIZZ apAJdAtMgeApyklz1Hv97QxI5WmPp8r3Rt6JQJyV4RTkTNw7Y5DXzticp9iuhEcW V5xd0RTVZ5JsFTB584RXj5bIXAnadrpw7rYG7yqu7SlbHE+az0SDioD7DKzUoZ3r 3fK4tNHlgptKrbyGbRoxQtdDwGyk7hUN/HiptHmHZGgXOiC74Vy+Vk+sAO01lawa 8EfusSy2VlnJ4sjRx8L/SeIw5gWHkupRs/I4ynH5ZtiFxiiQu9yej+LIcQfyZRf9 GhWN4sGFRAJbt7nLfmwS5ZvaWlxsApj9FDNBpyqXo5mq -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwdKZwLtiBlT8mtdXVhVU vVVudlNS1dB1CxrEjftrZuFXnLRItCkKlyHYwNrwlbzPwoiEfwib8IcbrJhFdHGN 6/VMp6HAKOHB+58/D335B4SAomT+UKk3YEndNoXli/Cp+u/YkKAlPHi36gTpa+0y qH329Am1CKGKHV01mB2g0XhBrUw4aULArcodv4oW81SXzg++eNAIyaixEn1Ds8Zz Rm59ixCSaprus/9V8qzlHuAOnyPRzAGnqvzOMNxhLsSKBcszmdC9RWrBwpbhTkQz BS72VmwyDL6ASmIIdG3evbR+qzZBFnemjqYMkNh07JumTrQ9PUqueZ3P3j8oF6Zi wRO2cgKwlY16pJdweD523gPbVJq5huyoragxtOmwa8RAUDQ+d8nuWYb7MHJOXPYs x6z3B09E20Qam0UdRica2qopFiIYjFuEovtwKKEBK4oa3kDBVyNYIqrB/M+4AsUN p4LJZWvvFwnEwrLsKSvy3PVtkTVZ85vNa6JiYcymo+JTRvsAt/BfGFiFk7GzPV4c CHONl6m7XHoYfdA4PudwfvFPKxciesADcSnlXwJLMKczsDWJhiKOeu7DutddFX9C NgaQlfwz33iSjsFOgi4FMcRTbNiQjmI2yZ+TNOWn6ZMtID8ZD52Xe7W/5bdy66F6 1vrMZaC5lVVdyux7I48H4N0CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 312744425435599644659518375664526275042044 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-08 15:45:10 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-06 15:45:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'agefa.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 790727459333769615436898842641094331927978553103438203442236963569563294698790078657993473162039861067930704971310147065259982727328530352612616077033225000731841770246828785705954681879149698441786331788911138806800344273430100194748404702138800243734255968826460773646298387316120559390660489884737696856486313000782101048330629772181431480711926229712054650067167228448290214025618059476267924794876819462291949712914776420405549987883577293885683575444111425974786190720269964503443555301477740629548895927724254922789967137717057225956414667303402065011943029314482003999354048694980542589297579297336431063887986674656025055649510566971759292734504969177733787131404071849807130349333512217336706642251656482097936146410967431991134015543888938301697866364927954788332450234520458674607044174677644637265772108966080041719555135439340834807242659737505256923467183441839008322431954729018636294617955980898046827129933779441350254188745942128738112969495663359096458598022932028961242695860681916907528252297499878224273731893020374020045650116233764324397955652247021846848775455598395332481834140485001450748144257772908047773046763892463384546775069989152322530803813366521487866816150085594211598387132970672846473219530973 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f09f55d3a77672320d967e9cea7cd9f7e8921965 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agefa.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.agefa.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018bafd2d1400000040300473045022029f7cd7026d8611a6288f672b03d16d134cff13eb1fe5bcc74c51cf975d10a2202210085d4a3b75b518df341bdb52d89e80a9a4d9e01a450f868e662209e26b15037d90075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018bafd2d138000004030046304402205d85eced2ec59493943695601046160aa3dd4864730bec5459ec4c7bc7cf9d6102201eb26576314489c348f7ad16d4dc04d8938f11fdbf33806a283f5fd1dd71b015 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00899bfb1de0688158bb9922e79fd32bb8aa0554a1354db285a3d650dcb086596a9009740b4c81e029ca4973d47bfded0c48e5698fa7caf746de89409c95e114e44cdc3b6390d7ced89ca7d8ae844716579c5dd114d567926c153079f384578f96c85c09da76ba70eeb606ef2aaeed295b1c4f9acf44838a80fb0cacd4a19debddf2b8b4d1e5829b4aadbc866d1a3142d743c06ca4ee150dfc78a9b479876468173a20bbe15cbe564fac00ed3595ac1af047eeb12cb65659c9e2c8d1c7c2ff49e230e6058792ea51b3f238ca71f966d885c62890bbdc9e8fe2c87107f26517fd1a158de2c18544025bb7b9cb7e6c12e59bda5a5c6c0298fd143341a72a97a399aa