app.cafsa.org
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:a0:a7:f4:8c:04:24:85:78:e5:f3:d6:ff:a6:af:7c:35:27 was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=app.cafsa.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:a0:a7:f4:8c:04:24:85:78:e5:f3:d6:ff:a6:af:7c:35:27Serial Number (int): 316005287338226017522432279637320250701095
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 44:88:f0:e5:73:5c:44:9d:25:20:c6:b3:d5:20:77:18:29:52:32:51
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): d0:91:44:24:d7:65:88:6b:40:4d:0b:89:cd:40:8e:fd:95:12:c6:38
Fingerprint (sha256): dd:27:94:10:8b:27:1b:33:4d:0c:b9:46:00:83:26:05:21:59:f6:67:fb:51:14:10:f9:0c:e1:89:9c:14:4b:ab
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate app.cafsa.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for app.cafsa.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
app.cafsa.org
Other certificates including the domain name cafsa.org
(limited to 100 certificates)
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org.knechted.digital
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org.knechted.digital
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
app.cafsa.org
Certificate
The complete raw certificate details for app.cafsa.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHBDCCBeygAwIBAgISA6Cn9IwEJIV45fPW/6avfDUnMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA0MTUxMTUzMTJaFw0x ODA3MTQxMTUzMTJaMBgxFjAUBgNVBAMTDWFwcC5jYWZzYS5vcmcwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQDX/BPqf31WwZDc78L51U9iqQ0RmGBO5/Dz mM4Le7szrVmMl8+aIvvbaMOy/LL2EcJXKtTbNGp59FEzH6GmQ5AyrtAF3YICf+Jq 9o2m8zaKTsy8bhun1XMjEyR2LMei5UkpmMR+OolPPipE254Rqisd5GpIS65Eirbi F4qjOQV2W5JtVKzXHhlnq518HkrxHAAWBNwNy/ks7efeJ+IZjIkE6dskRRZgAxwd VHtjycIvsiWcLu79kfIlFAf6I8B5hmNeb1iQk5ClBgHbzxD9PRSdpxVUEF5zpL+H MjyiV23euSqnYdQ+ho5plvsfU2MsuN7MPiFSOT5VZgmDg5JVvIs9INuEwQ0dHZRi hf5K39vaKhQro6Q45f3VCYHdObK1UC+h2ZBW21JRE/uB+/JYFV8Mkpg21tQlhJI8 h45zycHpbhRPEr//J3nIXfHvd8UJL/QCy/qA209+SBLvBZSn0524zmQclgbmXbOP CJxTWt8BhdOOsHyo++fTJ1C1ePqvTyNBwBdkMFHEMcwfPYKT6vxsb/7V2ku/nyE2 hqaiTLNWy4e2KL+qQwU5dR7AHHwY47a1qyVay0SjK3qrdVlf1Hx8f+dZj+RZMMuT D60m+Z2h6xOT5n7W9+Zfq7yMm5SZYdvFtKyQPavDGa/nDLKbJRo+QhfkH3sO5TyZ WLA9sjM8MQIDAQABo4IDFDCCAxAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBREiPDl c1xEnSUgxrPVIHcYKVIyUTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86js oTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14 My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14 My5sZXRzZW5jcnlwdC5vcmcvMBgGA1UdEQQRMA+CDWFwcC5jYWZzYS5vcmcwgf4G A1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUF BwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4M gZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJl bHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENl cnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9y Zy9yZXBvc2l0b3J5LzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ANt0r+7LKeyx /so+cW0s5bmquzb3hHGDx12dTze2H79kAAABYsld0+YAAAQDAEYwRAIgOh0vCbvD dwf9TNHfHdhNfzc/i3jjIEvPeeTlEG5ptPICIG3V4wtaeP7pV7Pi6JkFhHfFPbr7 KMGsqE4kRJ7gMdN2AHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgA AAFiyV3UGQAABAMARzBFAiEA2B1wRgUi2jWEIXjysZsetoCAv/dNw7muQP5/CJh1 H78CIGs64vJSPYV4AQtdgEPKYurg8bYyhPoYpTWaNyB6YWHBMA0GCSqGSIb3DQEB CwUAA4IBAQBAEqRm+54w9VVj1vBh5qzQQkPQfdnQGlUk+3rMAUDxrkl5N//St2Y0 SENDlLP7xzQPbBZFzGgQ5uicNLpxcOBZtOWaMOeX7ii9eWutC3lHwEGxP+ztDkx6 4L+40FDnurIkPEtIaXKc9hc4y65vZWaesQbNHVbpT3NvzSnRFUGbxOVH6buXXmnw +i2Vjg597E5CldWqNyEBybwKpWVCuca63df1ikDIfuZBeHtJAQ/933+Y1402IduH 8Sbj7230hcnaZxTnu7s2MQPATf/gSjeQ0F5todW64elFFY9dbZwZJ66ExBVpy6lR PXbnXP75eylWK8oFAMIOV0U9L9/xeOex -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1/wT6n99VsGQ3O/C+dVP YqkNEZhgTufw85jOC3u7M61ZjJfPmiL722jDsvyy9hHCVyrU2zRqefRRMx+hpkOQ Mq7QBd2CAn/iavaNpvM2ik7MvG4bp9VzIxMkdizHouVJKZjEfjqJTz4qRNueEaor HeRqSEuuRIq24heKozkFdluSbVSs1x4ZZ6udfB5K8RwAFgTcDcv5LO3n3ifiGYyJ BOnbJEUWYAMcHVR7Y8nCL7IlnC7u/ZHyJRQH+iPAeYZjXm9YkJOQpQYB288Q/T0U nacVVBBec6S/hzI8oldt3rkqp2HUPoaOaZb7H1NjLLjezD4hUjk+VWYJg4OSVbyL PSDbhMENHR2UYoX+St/b2ioUK6OkOOX91QmB3TmytVAvodmQVttSURP7gfvyWBVf DJKYNtbUJYSSPIeOc8nB6W4UTxK//yd5yF3x73fFCS/0Asv6gNtPfkgS7wWUp9Od uM5kHJYG5l2zjwicU1rfAYXTjrB8qPvn0ydQtXj6r08jQcAXZDBRxDHMHz2Ck+r8 bG/+1dpLv58hNoamokyzVsuHtii/qkMFOXUewBx8GOO2taslWstEoyt6q3VZX9R8 fH/nWY/kWTDLkw+tJvmdoesTk+Z+1vfmX6u8jJuUmWHbxbSskD2rwxmv5wyymyUa PkIX5B97DuU8mViwPbIzPDECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 316005287338226017522432279637320250701095 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-04-15 11:53:12 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-14 11:53:12 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'app.cafsa.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 881140614033802173198891960823215429965461882193765922313649731789652908096766981565796358749597607635234328411515542790960333186167192407391402131466883066805260497065438626916970928163025600464268879961243356885639938970621474365806098105059478055991608218757740236084880382389613865616150908854307572066040075906448020052104246666933431278767723600985498211434560181732563651023522211850298231723925308236385218279417295912751209857953886512172194089241552552394504464057937537782288840117910011170688758764428720333480303068090598632066898044874972280171245728384182678873243271300508649169290097744248787715800164552518004112786207265619337855021642401656452843002817499550141851314277943986331038622302049376516126619623902702843423564764445754166185910326845191523401962031489011586988776253324622838093234959161606784049937213057002048826895206988866609483331555440510996190846133491040970268839762608953725628088060219994723816687482979782001916853591000172820322669230871763580151223898251670756857325891366560703547906879365035511044655020956589975436745021201221119067389815488849737036663258027479525697314495033341864759748015460224244862729129258415979579161262830709545920501076659657317735973527513591147958606445617 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 4488f0e5735c449d2520c6b3d520771829523251 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'app.cafsa.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef007500db74afeecb29ecb1feca3e716d2ce5b9aabb36f7847183c75d9d4f37b61fbf6400000162c95dd3e6000004030046304402203a1d2f09bbc37707fd4cd1df1dd84d7f373f8b78e3204bcf79e4e5106e69b4f202206dd5e30b5a78fee957b3e2e899058477c53dbafb28c1aca84e24449ee031d376007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f47800000162c95dd4190000040300473045022100d81d70460522da35842178f2b19b1eb68080bff74dc3b9ae40fe7f0898751fbf02206b3ae2f2523d8578010b5d8043ca62eae0f1b63284fa18a5359a37207a6161c1 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 004012a466fb9e30f55563d6f061e6acd04243d07dd9d01a5524fb7acc0140f1ae497937ffd2b7663448434394b3fbc7340f6c1645cc6810e6e89c34ba7170e059b4e59a30e797ee28bd796bad0b7947c041b13feced0e4c7ae0bfb8d050e7bab2243c4b4869729cf61738cbae6f65669eb106cd1d56e94f736fcd29d115419bc4e547e9bb975e69f0fa2d958e0e7dec4e4295d5aa372101c9bc0aa56542b9c6baddd7f58a40c87ee641787b49010ffddf7f98d78d3621db87f126e3ef6df485c9da6714e7bbbb363103c04dffe04a3790d05e6da1d5bae1e945158f5d6d9c1927ae84c41569cba9513d76e75cfef97b29562bca0500c20e57453d2fdff178e7b1