reach.nz
Issued by R3
About this certificate
This digital certificate with serial number 04:12:1f:aa:4f:b3:65:5a:af:0b:37:2c:2d:1c:df:bc:62:4c was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=reach.nz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:12:1f:aa:4f:b3:65:5a:af:0b:37:2c:2d:1c:df:bc:62:4cSerial Number (int): 354616316706476729636065234525963094352460
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: db:f4:1f:eb:71:2a:05:64:f1:54:c6:a6:11:49:bc:2c:c1:fa:a8:72
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 9b:2e:81:4b:be:65:72:43:e1:84:9f:1c:ff:9f:cf:7c:41:7c:34:1b
Fingerprint (sha256): c0:d9:e5:db:98:a1:0b:02:0e:79:b1:4c:c9:31:47:b0:44:25:57:4a:0c:b8:86:06:0e:8e:ed:92:9f:70:2f:f4
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate reach.nz
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for reach.nz
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
reach.nz
Other certificates including the domain name reach.nz
(limited to 100 certificates)
Certificate
The complete raw certificate details for reach.nz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE3TCCA8WgAwIBAgISBBIfqk+zZVqvCzcsLRzfvGJMMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMTEwNDIzMDVaFw0yNDA2MDkwNDIzMDRaMBMxETAPBgNVBAMT CHJlYWNoLm56MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nSmyUqY kJU+EBc+YT953nCtmm68lG7bvRiwJgQN5vviC0GcpRfPZKaqhsC4sTt3i4ltQwe8 6IkTE94fX32ueJukYR82RgF1PVByYdbChz5sREtQMrqFq+ESaE1HeDUd2TXOgsqQ JMwQDN+Dnu+SCl4GLp0/B++29BTfoel5oU7SU50EZPltn1W8wnJtSqLQ9JMPe8OG oR72RIUfqHarefgZ9EW11+yh2wfm8/3Kds9ccIBzDOW+7MC8Okn3ZSOUmjojAVUd zBYbNxkD8+1evVe5HzUONj18Ouv6tPvp0B2Z2JiArBa4znw+IM4n3wLCMpYto06W obEj0u+cQbmjIwIDAQABo4ICCjCCAgYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTb 9B/rcSoFZPFUxqYRSbwswfqocjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+d ixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxl bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzATBgNV HREEDDAKgghyZWFjaC5uejATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB 1nkCBAIEgfUEgfIA8AB2ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQX AAABjiv25/gAAAQDAEcwRQIgKU5/+6I9SjNQCwTnK659Pb9yP/7Y5S5Q+4jpphOm d1wCIQDrgxH6ThykOqr2wsW6QtX+BTdb/Ygnev5SqJkn8jyz2QB2AHb/iD8KtvuV UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjiv26DAAAAQDAEcwRQIgUTpNhiag K07/uS4frH1pl0iCEVtD6f0zkDNso8z5h+oCIQCVgz+DDPStC1DTNvP6jQMRpJkM cEOPMCksHnW5fitLozANBgkqhkiG9w0BAQsFAAOCAQEAUe9WJyi7m9WTd3ie1Y4N A4aY7CrMefB6zb+n/dwne9tdLMyQAbCDL9ghXAi5Ulrs0fKTWzv/JUCoJ5AzcExg qnt5ujOg7eVpE34qeAsDXtYn0OZQNiU8094dAEdvsD9GOuWwkY1TjBVA9r2pNBg7 g8ni0N6ov5f98OzRgoSfCOYv2nVppdgTiH7R8zU73KDjhN4tGI6uwA6lBaBjnw0E AVUHv3KIqad1ysjfhU+Yq+GZeR5tVCQFw9tCr6n7Xo+0WJ6G5sftvH8sxpqIV+pv XHXSREQ3EV/hz9AIfqtw5RZLLO7EDXtNk4N/37aEY//y0533JOPchXBJfXa9YkGP fQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nSmyUqYkJU+EBc+YT95 3nCtmm68lG7bvRiwJgQN5vviC0GcpRfPZKaqhsC4sTt3i4ltQwe86IkTE94fX32u eJukYR82RgF1PVByYdbChz5sREtQMrqFq+ESaE1HeDUd2TXOgsqQJMwQDN+Dnu+S Cl4GLp0/B++29BTfoel5oU7SU50EZPltn1W8wnJtSqLQ9JMPe8OGoR72RIUfqHar efgZ9EW11+yh2wfm8/3Kds9ccIBzDOW+7MC8Okn3ZSOUmjojAVUdzBYbNxkD8+1e vVe5HzUONj18Ouv6tPvp0B2Z2JiArBa4znw+IM4n3wLCMpYto06WobEj0u+cQbmj IwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 354616316706476729636065234525963094352460 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-11 04:23:05 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-09 04:23:04 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'reach.nz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27072520265717815981950070175170777514270969034543540043576130787332755065441180203596855635970242611328141315909862509434325718794518097705528084042278555798993666708616476963116608652456760983880451003582975141432953848649043858311048800676984484549919445595563109291910191767363766871912693358599375707599884357978485252963456190777964745568729188214061931168615334527853940305207590689253999988467806773916992101972818207194739644701426052190181318232091279763878133043711537739638645004165650431852598194191730396079784870389454600547799629710332583531750644504512777675166994770610721367211560032612562350220067 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) dbf41feb712a0564f154c6a61149bc2cc1faa872 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reach.nz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018e2bf6e7f800000403004730450220294e7ffba23d4a33500b04e72bae7d3dbf723ffed8e52e50fb88e9a613a6775c022100eb8311fa4e1ca43aaaf6c2c5ba42d5fe05375bfd88277afe52a89927f23cb3d900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e2bf6e83000000403004730450220513a4d8626a02b4effb92e1fac7d69974882115b43e9fd3390336ca3ccf987ea02210095833f830cf4ad0b50d336f3fa8d0311a4990c70438f30292c1e75b97e2b4ba3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0051ef562728bb9bd59377789ed58e0d038698ec2acc79f07acdbfa7fddc277bdb5d2ccc9001b0832fd8215c08b9525aecd1f2935b3bff2540a8279033704c60aa7b79ba33a0ede569137e2a780b035ed627d0e65036253cd3de1d00476fb03f463ae5b0918d538c1540f6bda934183b83c9e2d0dea8bf97fdf0ecd182849f08e62fda7569a5d813887ed1f3353bdca0e384de2d188eaec00ea505a0639f0d04015507bf7288a9a775cac8df854f98abe199791e6d542405c3db42afa9fb5e8fb4589e86e6c7edbc7f2cc69a8857ea6f5c75d2444437115fe1cfd0087eab70e5164b2ceec40d7b4d93837fdfb68463fff2d39df724e3dc8570497d76bd62418f7d