alfafin.org
Issued by R3
About this certificate
This digital certificate with serial number 04:bf:e4:6a:42:8d:e8:ca:71:60:dc:22:b7:dd:f1:7c:67:09 was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=alfafin.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:bf:e4:6a:42:8d:e8:ca:71:60:dc:22:b7:dd:f1:7c:67:09Serial Number (int): 413746691525328448634980636502546360067849
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 87:a6:c5:d1:22:24:b4:ee:00:f7:c0:1f:d3:09:66:b2:8b:96:35:e8
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 85:cf:c8:10:34:6f:48:14:5a:b7:e9:59:ae:65:36:22:c3:ba:a0:fa
Fingerprint (sha256): b0:2b:df:7c:65:c0:59:f6:05:80:33:e8:61:0b:e9:27:2b:01:1a:1b:44:02:0e:2d:03:79:2d:57:7e:0a:88:f9
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate alfafin.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for alfafin.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
alfafin.org
Other certificates including the domain name alfafin.org
(limited to 100 certificates)
alfafin.org
alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
mail.alfafin.org
mail.alfafin.org
mail.alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
mail.alfafin.org
mail.alfafin.org
mail.alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
mail.alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
alfafin.org
Certificate
The complete raw certificate details for alfafin.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF4zCCBMugAwIBAgISBL/kakKN6MpxYNwit93xfGcJMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEwMDIyMzAxMjJaFw0yMzEyMzEyMzAxMjFaMBYxFDASBgNVBAMT C2FsZmFmaW4ub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs5Nq paJWoIfV/fNAivU+5b/88F2c8MVzlP1BdT2+a16OtFaqV+8xZLTk0B0CUFfpr7xd f2osnXYy+mqJhQNH3LB7GgSZ0Gq2QiIZnbNgem7RnvKjBa7a3hk+fVHXyM+znoId f3Re7vPcjix7nue6QKQHB6ge4BwGQE0GXWUWnY3i4UxahltUNmLpEsUZcFnyjaTi QqZD9y50ZjSvlYcLVL5pDaLUjX1EcopiCr6JvyeAn7m0Kusy6uCxDmDd0ztMUr30 lH61p0rElXjKrpHL4uOlUMrxMlmKUI/v+uD1xyiV+/wMMcfvG/TR8QhW/P875A/l NksW74TBOvIdVZ4ZM4EuJrJeQ3R7KF4i++apL7fayYJFDl4P8xPfnrYfmNtOp7V8 NoqChs0nX4i2mb3MF6IkPPzqNIKgVcrUhSDJ9xQiiy3UNcS2qUUpX+R7JpJE7dby 3lYJsj9upzS2jWgPKDvGq6hk0VCiczpoeWq10J5SiSNHD2Y0HlAiZdNvlAYdsDKt 8sfYbBfAQy6RlIxUUR8Xi9U7rRi4qJkogHfJULGNCEhQFgQ+974ueOGQ8EuvKrVU MHaQBFVVFvfXiAOqaGwBnwXLxJrGdMBocN33kd9Z14kUjCfHk4RtEnsxpNQmI5lW Wd9elp2RuN4dsXcIHz7WyHweEba7VoRLg9iop2kCAwEAAaOCAg0wggIJMA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T AQH/BAIwADAdBgNVHQ4EFgQUh6bF0SIktO4A98Af0wlmsouWNegwHwYDVR0jBBgw FoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUF BzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9y My5pLmxlbmNyLm9yZy8wFgYDVR0RBA8wDYILYWxmYWZpbi5vcmcwEwYDVR0gBAww CjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXy OcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYry1t/pAAAEAwBHMEUCIGgq59B5LiX3 L4zpOsVMuIB2eutCAuwN3/DT7t24wwiwAiEAgwWEKUGbSrkPG4uhDLbUjf0o8h8x rZvGspbTqySeUFcAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAA AYry1uAEAAAEAwBHMEUCIQDqs7o2NjqZJd3IaiOpNzksY5xMZdRE1wLUKD1EfXND xQIgVEM5i5/xd1rgKDTZe314OhiXNu4zJ+qhQIiVsDZ1fRQwDQYJKoZIhvcNAQEL BQADggEBAEZfZ+XG00AMwsgLotgwzyqDahXWLSMaKqoTv4rT8DK1GmlfdQg9Mmax pZSKpsRxMcZ/T+suPYnEHTBO5mFeo+n+sF41TLU/OzenqkSmFvhF/BPMmpV9Nt46 E+lAgh87c/dGDaBngrBa0s53KNfiwx4N5+qsNyzV7+u1OPUQxsJFZhv8wnwt3Qq1 jJKEXONT1uOUmEyDc0g0acPLbYUB29pEF5/4xZCLRGHZGaHaIjQ2wA3pmSTMOWac sZXq3c4jNe8ZqMmE0pZJzvHtC8FgwEgYICYuNYGUeNcX2btwEOyg2XJumgYOX9hL RcGhLncZqVdXrhFfl6nbhcFv8uOBxt4= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs5NqpaJWoIfV/fNAivU+ 5b/88F2c8MVzlP1BdT2+a16OtFaqV+8xZLTk0B0CUFfpr7xdf2osnXYy+mqJhQNH 3LB7GgSZ0Gq2QiIZnbNgem7RnvKjBa7a3hk+fVHXyM+znoIdf3Re7vPcjix7nue6 QKQHB6ge4BwGQE0GXWUWnY3i4UxahltUNmLpEsUZcFnyjaTiQqZD9y50ZjSvlYcL VL5pDaLUjX1EcopiCr6JvyeAn7m0Kusy6uCxDmDd0ztMUr30lH61p0rElXjKrpHL 4uOlUMrxMlmKUI/v+uD1xyiV+/wMMcfvG/TR8QhW/P875A/lNksW74TBOvIdVZ4Z M4EuJrJeQ3R7KF4i++apL7fayYJFDl4P8xPfnrYfmNtOp7V8NoqChs0nX4i2mb3M F6IkPPzqNIKgVcrUhSDJ9xQiiy3UNcS2qUUpX+R7JpJE7dby3lYJsj9upzS2jWgP KDvGq6hk0VCiczpoeWq10J5SiSNHD2Y0HlAiZdNvlAYdsDKt8sfYbBfAQy6RlIxU UR8Xi9U7rRi4qJkogHfJULGNCEhQFgQ+974ueOGQ8EuvKrVUMHaQBFVVFvfXiAOq aGwBnwXLxJrGdMBocN33kd9Z14kUjCfHk4RtEnsxpNQmI5lWWd9elp2RuN4dsXcI Hz7WyHweEba7VoRLg9iop2kCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 413746691525328448634980636502546360067849 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 23:01:22 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-31 23:01:21 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'alfafin.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 732605535114730359688346331139986291934438873302219338938837352583474598113386774814225931556777759825504028548807021652524628608608748158325068166306870890037795986779083008709920157578606071521458083854470018677725964106515597032728429832138297565444092091616122016438912443249155589226947787809262138497381158023142839249733984075068147753784914679983163740809611238692406245110769596714624602125623596375625846291783506936621951305408175826720635271306515437970050302328786003155337323846730165110827033378111590578330455916965525568905897175993062366693221760246723116744937736362281458980551577890167982001001577467508152647005749512712822590974030013717323609401091895602361403931655724580545594386050642022938120163334937783073395168280180484834544245775171858158527445405109588231207996470151559643910574094365419358147532901489775654270970124532542304594994519449358784663635220255002335292848259634491645337011874691845897044352583156782036377829043040614654569425102150295883734656198243274586238613643178131392049396395274479997803004038741204333545375551775584705764528668909574798309355759727070841762180059163681041170212190728967674920463071349593930160575026672312214624565133606183571153744187125561126122099877737 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 87a6c5d12224b4ee00f7c01fd30966b28b9635e8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alfafin.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018af2d6dfe900000403004730450220682ae7d0792e25f72f8ce93ac54cb880767aeb4202ec0ddff0d3eeddb8c308b002210083058429419b4ab90f1b8ba10cb6d48dfd28f21f31ad9bc6b296d3ab249e50570076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018af2d6e0040000040300473045022100eab3ba36363a9925ddc86a23a937392c639c4c65d444d702d4283d447d7343c502205443398b9ff1775ae02834d97b7d783a189736ee3327eaa1408895b036757d14 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00465f67e5c6d3400cc2c80ba2d830cf2a836a15d62d231a2aaa13bf8ad3f032b51a695f75083d3266b1a5948aa6c47131c67f4feb2e3d89c41d304ee6615ea3e9feb05e354cb53f3b37a7aa44a616f845fc13cc9a957d36de3a13e940821f3b73f7460da06782b05ad2ce7728d7e2c31e0de7eaac372cd5efebb538f510c6c245661bfcc27c2ddd0ab58c92845ce353d6e394984c8373483469c3cb6d8501dbda44179ff8c5908b4461d919a1da223436c00de99924cc39669cb195eaddce2335ef19a8c984d29649cef1ed0bc160c0481820262e35819478d717d9bb7010eca0d9726e9a060e5fd84b45c1a12e7719a95757ae115f97a9db85c16ff2e381c6de