hub.talentmed.com
Issued by cPanel, Inc. Certification Authority
About this certificate
This digital certificate with serial number a1:25:93:1d:0c:00:a1:b5:5c:21:38:20:b8:2c:35:55 was issued on by cPanel, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=hub.talentmed.com
cPanel, Inc.
Organization:
cPanel, Inc.
State / Province:
TX
Locality: Houston
Country: US
Locality: Houston
Country: US
This certificate has expire since
Certificate Details
Serial Number (hex): a1:25:93:1d:0c:00:a1:b5:5c:21:38:20:b8:2c:35:55Serial Number (int): 214200806120680277633345884745936680277
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 65:ef:81:4c:3e:53:05:09:3a:a5:af:ba:e7:ca:bc:5d:d0:08:07:ce
AuthorityKeyId: 7e:03:5a:65:41:6b:a7:7e:0a:e1:b8:9d:08:ea:1d:8e:1d:6a:c7:65
Fingerprint (sha1): 11:e7:e1:fd:96:d4:b5:0f:37:e0:29:55:dc:85:37:bc:e2:5b:1a:d9
Fingerprint (sha256): a9:bf:38:12:35:76:96:43:83:fe:19:6c:28:bc:9e:4b:d5:45:ce:f9:b5:24:88:fb:e4:9b:c5:e3:f5:14:92:c3
Issuing Certificate URL: http://crt.comodoca.com/cPanelIncCertificationAuthority.crt
Revocation information
OCSP Server: http://ocsp.comodoca.comCRL Distribution Point: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl
Check the revocation status for certificate hub.talentmed.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for hub.talentmed.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
hub.talentmed.com
www.hub.talentmed.com
www.hub.talentmed.com
Other certificates including the domain name talentmed.com
(limited to 100 certificates)
talentmed.edu.au
talentmed.edu.au
hub.talentmed.com
talentmed.edu.au
talentmed.com
talentmed.edu.au
hub.talentmed.com
talentmed.edu.au
talentmed.edu.au
hub.talentmed.com
talentmed.com
hub.talentmed.com
hub.talentmed.com
talentmed.com
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
talentmed.edu.au
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
talentmed.com
talentmed.edu.au
hub.talentmed.com
talentmed.edu.au
talentmed.com
talentmed.edu.au
hub.talentmed.com
talentmed.edu.au
talentmed.edu.au
hub.talentmed.com
talentmed.com
hub.talentmed.com
hub.talentmed.com
talentmed.com
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
talentmed.edu.au
talentmed.edu.au
hub.talentmed.com
hub.talentmed.com
talentmed.edu.au
talentmed.com
Certificate
The complete raw certificate details for hub.talentmed.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFBDCCA+ygAwIBAgIRAKElkx0MAKG1XCE4ILgsNVUwDQYJKoZIhvcNAQELBQAw cjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMRAwDgYDVQQHEwdIb3VzdG9uMRUw EwYDVQQKEwxjUGFuZWwsIEluYy4xLTArBgNVBAMTJGNQYW5lbCwgSW5jLiBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA1MDIwMDAwMDBaFw0xODA3MzEyMzU5 NTlaMBwxGjAYBgNVBAMTEWh1Yi50YWxlbnRtZWQuY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAtZ+huN0QZt6IOngZ2TIOrlQTKp17EQqwWkOv6f6N yYE2s9Lxwa60qO70m3hWABkQRr5tgC74ZEJyrwdJcPaJnP20qJZeGPX7vrqy5JHa gwFVWVIZ0znRYxxsHfhZq2cFSoeaKKsgayYaJmXPVyqBLDQcJrDOdcXwfHRPEHOc KRzC8ZO1V7Eu4xFuV90DBEe/2SdHxhyaZzIwBwdFhkRUQ3XWiv35p15hEWYkjNC5 jDcXs7JfFgnbuJXhyE7KE7q4RIL0utnMBV3YRrTxjUqKJdAO2i8FVlnh37MkpGg9 iYzE8z83WnDnmgq/RjJGPWONv/DBWR+T/Gqtg/oXX/P0TwIDAQABo4IB6TCCAeUw HwYDVR0jBBgwFoAUfgNaZUFrp34K4bidCOodjh1qx2UwHQYDVR0OBBYEFGXvgUw+ UwUJOqWvuufKvF3QCAfOMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQB sjEBAgI0MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20v Q1BTMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k b2NhLmNvbS9jUGFuZWxJbmNDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB9Bggr BgEFBQcBAQRxMG8wRwYIKwYBBQUHMAKGO2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t L2NQYW5lbEluY0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3J0MCQGCCsGAQUFBzAB hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wEwYKKwYBBAHWeQIEAwEB/wQCBQAw MwYDVR0RBCwwKoIRaHViLnRhbGVudG1lZC5jb22CFXd3dy5odWIudGFsZW50bWVk LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAdIHHcU5cjGDZHYe2YCsYA3QmcUVKLeBg 2iW/s0VyIVx18bs2tpfs/dFxWm+VFkJiWBfGDxdKXBwouOwx2uLjNSHA2BcvvRb3 0BdINx1uxYXRGN13bGL4UtKWMX+189nutLrjRZrhHq/jGlOKOxq6YpIpHeH/4l/g ux2PFzf6qzD/VjWV+x121v2HQViCalZxP7svBAOpiEXtTw+Qc9KVR5BnfNsfHzTl 4puN+RCtuM5eJjvk56S/ZOZeJdk1d21+CgBevbsD79qsZvvM36jt3FRvBy0UetbT XhxM4NpQdeLlKWLlCr0ZZAmaMQAzUZ/LSipp16eqAYpTUaqB7HoOqg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ+huN0QZt6IOngZ2TIO rlQTKp17EQqwWkOv6f6NyYE2s9Lxwa60qO70m3hWABkQRr5tgC74ZEJyrwdJcPaJ nP20qJZeGPX7vrqy5JHagwFVWVIZ0znRYxxsHfhZq2cFSoeaKKsgayYaJmXPVyqB LDQcJrDOdcXwfHRPEHOcKRzC8ZO1V7Eu4xFuV90DBEe/2SdHxhyaZzIwBwdFhkRU Q3XWiv35p15hEWYkjNC5jDcXs7JfFgnbuJXhyE7KE7q4RIL0utnMBV3YRrTxjUqK JdAO2i8FVlnh37MkpGg9iYzE8z83WnDnmgq/RjJGPWONv/DBWR+T/Gqtg/oXX/P0 TwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 214200806120680277633345884745936680277 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TX' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Houston' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cPanel, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cPanel, Inc. Certification Authority' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-02 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-31 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hub.talentmed.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22927850537297207312666702885580452927419102330173466785215025271467647466153842377868588211012888001677852481104946727163387007981735475435250330856982539481057375528336940049921936414012727944562618316463582693633834911339225974476142585646926816502611940171552385050821066586782195627719546334215095617562963573050378009356501582084640117209989356457585255018243889341054244413461390336678421047645723619014337344684730767725280476614408338852266671438986331271065046186116135001133064220982652808819666962493812467884467023301714675783769779735143667532427783149115850747049686890782353416131550561850475268011087 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7e035a65416ba77e0ae1b89d08ea1d8e1d6ac765 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 65ef814c3e5305093aa5afbae7cabc5dd00807ce . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://secure.comodo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.comodoca.com/cPanelIncCertificationAuthority.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (113 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.comodoca.com/cPanelIncCertificationAuthority.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.comodoca.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hub.talentmed.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hub.talentmed.com' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 007481c7714e5c8c60d91d87b6602b1803742671454a2de060da25bfb34572215c75f1bb36b697ecfdd1715a6f951642625817c60f174a5c1c28b8ec31dae2e33521c0d8172fbd16f7d01748371d6ec585d118dd776c62f852d296317fb5f3d9eeb4bae3459ae11eafe31a538a3b1aba6292291de1ffe25fe0bb1d8f1737faab30ff563595fb1d76d6fd874158826a56713fbb2f0403a98845ed4f0f9073d2954790677cdb1f1f34e5e29b8df910adb8ce5e263be4e7a4bf64e65e25d935776d7e0a005ebdbb03efdaac66fbccdfa8eddc546f072d147ad6d35e1c4ce0da5075e2e52962e50abd1964099a310033519fcb4a2a69d7a7aa018a5351aa81ec7a0eaa