biyouseikei-magic.com
Issued by R3
About this certificate
This digital certificate with serial number 03:8d:7d:0d:8e:15:76:95:f5:6c:f0:14:3e:e6:f0:05:80:93 was issued on by Let's Encrypt.
With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=biyouseikei-magic.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:8d:7d:0d:8e:15:76:95:f5:6c:f0:14:3e:e6:f0:05:80:93Serial Number (int): 309482895412267994376511793706549224243347
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 25:a1:26:9c:3a:06:95:a2:40:2e:4f:04:1e:8f:d3:f3:79:32:a8:7c
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 3f:68:f2:51:85:17:28:42:9c:b5:1e:9b:d4:81:0c:0f:e5:35:cb:06
Fingerprint (sha256): e5:d3:70:a2:84:cc:ed:93:bb:f8:48:a6:d6:4f:f5:3e:81:80:68:8d:cd:0c:bb:a0:f1:17:66:ea:b9:50:f6:21
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate biyouseikei-magic.com
8
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for biyouseikei-magic.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.biyouseikei-magic.com
*.fu-fu-nikki.com
biyouseikei-magic.com
biyouseikei-magic.com.watchuonline.com
fu-fu-nikki.com
fu-fu-nikki.com.watchuonline.com
www.biyouseikei-magic.com.watchuonline.com
www.fu-fu-nikki.com.watchuonline.com
*.fu-fu-nikki.com
biyouseikei-magic.com
biyouseikei-magic.com.watchuonline.com
fu-fu-nikki.com
fu-fu-nikki.com.watchuonline.com
www.biyouseikei-magic.com.watchuonline.com
www.fu-fu-nikki.com.watchuonline.com
Other certificates including the domain name biyouseikei-magic.com
(limited to 100 certificates)
biyouseikei-magic.com
www.fu-fu-nikki.com.watchuonline.com
biyouseikei-magic.com
biyouseikei-magic.com
mail.biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com.watchuonline.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
www.semenax123.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
www.hhadapter.hanfacar.com
biyouseikei-magic.com
biyouseikei-magic.com
www.fu-fu-nikki.com.watchuonline.com
biyouseikei-magic.com
biyouseikei-magic.com
mail.biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com.watchuonline.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
www.semenax123.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
biyouseikei-magic.com
www.hhadapter.hanfacar.com
biyouseikei-magic.com
biyouseikei-magic.com
Certificate
The complete raw certificate details for biyouseikei-magic.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF0jCCBLqgAwIBAgISA419DY4VdpX1bPAUPubwBYCTMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMDUxNzQ3MDhaFw0yNDAzMDQxNzQ3MDdaMCAxHjAcBgNVBAMT FWJpeW91c2Vpa2VpLW1hZ2ljLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALuenHh1Wf4KLXo6ewDfEFUbjo5WnMa/N6OtaY3LTLIT/ossHNn8KF9d jFQmxiAB7WB+fGsuRmO57hgTBjhMJv1omC/vYqv3xdIyX+MH7fvPpjRp2VkR/CdD +5H+OjZ6m1kXh6tdM2UkTDmO/CK6WXoKkj0yoKs4PTJoNibLXpMg3Hix5OaIdOSC wEezfxOYq3MWT5BrXgzbWTpzzOOqLKMbS5m9w1w/8m3WIcs5zASgPuLYM7rC0Ysg QOF/H8hL+gsaEYS88BmqWi0+702M+1dYzgpkDjE1uYH7pDBn3ArV7G/xED+K2Hgi ZlD+8fhHJLjxRihsjSMUopHTKBOROw8CAwEAAaOCAvIwggLuMA4GA1UdDwEB/wQE AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw ADAdBgNVHQ4EFgQUJaEmnDoGlaJALk8EHo/T83kyqHwwHwYDVR0jBBgwFoAUFC6z F7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVo dHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxl bmNyLm9yZy8wgfsGA1UdEQSB8zCB8IIXKi5iaXlvdXNlaWtlaS1tYWdpYy5jb22C ESouZnUtZnUtbmlra2kuY29tghViaXlvdXNlaWtlaS1tYWdpYy5jb22CJmJpeW91 c2Vpa2VpLW1hZ2ljLmNvbS53YXRjaHVvbmxpbmUuY29tgg9mdS1mdS1uaWtraS5j b22CIGZ1LWZ1LW5pa2tpLmNvbS53YXRjaHVvbmxpbmUuY29tgip3d3cuYml5b3Vz ZWlrZWktbWFnaWMuY29tLndhdGNodW9ubGluZS5jb22CJHd3dy5mdS1mdS1uaWtr aS5jb20ud2F0Y2h1b25saW5lLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMG CisGAQQB1nkCBAIEgfQEgfEA7wB2ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0t cm/h+tQXAAABjDtOLEsAAAQDAEcwRQIhAO7v5EhgA6pt+cGm+Hh93SzilQw66QAB 341I3a7DCV6PAiA1ukcHhDvGiT0SGqxY/M3U1BlMu6t9TNyTWjtsSDPVfAB1AHb/ iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjDtOLJUAAAQDAEYwRAIg bGIB+zIPOEBC8WmLEPOCqTL2C7A0OSiFspSbUo5dLBQCIBJuyI7jJMrgLyS0n9uP taxniCY9N4SYxvQDgniZ8cVnMA0GCSqGSIb3DQEBCwUAA4IBAQCTYbGhsvuGT7iD sdpPs7JblALEgDPX6ae+zvUE2MeAlI+7TYSkVkvBRFyqW8bGRDH4SlTP58QmZwdP 59Kn40hohilcpmoAj4ysJXMpxCbmn/ZCxn4s4sd17uQdEMs1icOKjmoQ2MMntdyx N25pLy4jww+nZd/O5JFM0Vfj4EO1XFGKF7DxjkC9Tc/fyrhDBKZ7BIizV6RpBstC 33LZvBKMcgtOxxJ/mlMF2dXXqM+dPTI0m3y6dER8lWwb1oOYQIEkBi5bNjzdRIEj 22WsCWjXeBdaTRmQC/mPLXacBeLc2M3qWUeTnAzpaB7hpqdE3E8OLInyYDQdYaq8 +9EvYvF6 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56ceHVZ/gotejp7AN8Q VRuOjlacxr83o61pjctMshP+iywc2fwoX12MVCbGIAHtYH58ay5GY7nuGBMGOEwm /WiYL+9iq/fF0jJf4wft+8+mNGnZWRH8J0P7kf46NnqbWReHq10zZSRMOY78IrpZ egqSPTKgqzg9Mmg2JstekyDceLHk5oh05ILAR7N/E5ircxZPkGteDNtZOnPM46os oxtLmb3DXD/ybdYhyznMBKA+4tgzusLRiyBA4X8fyEv6CxoRhLzwGapaLT7vTYz7 V1jOCmQOMTW5gfukMGfcCtXsb/EQP4rYeCJmUP7x+EckuPFGKGyNIxSikdMoE5E7 DwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 309482895412267994376511793706549224243347 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 17:47:08 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-04 17:47:07 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'biyouseikei-magic.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23684777132887199174663322606413218673733481598003336857058632603668812589476241790477108954699327008535506086578315969012936461002979459244966633905979700603669812936479992633022121387941826989243226561105783300567671557515794254428157405690221514768335080365111488062770351286250166396059041083818527518923125257526086238795286957445412451035705266514870831391581813295380658386129971122355496520839318621499494465171122082082849803042528790104386312454721433873144506575986830546279750901499791655676634751413661297250415477592321090660713016254528015769267440810325953885634908922546676233299548900744106469309199 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 25a1269c3a0695a2402e4f041e8fd3f37932a87c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.biyouseikei-magic.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.fu-fu-nikki.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'biyouseikei-magic.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'biyouseikei-magic.com.watchuonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fu-fu-nikki.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fu-fu-nikki.com.watchuonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.biyouseikei-magic.com.watchuonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.fu-fu-nikki.com.watchuonline.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef0076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c3b4e2c4b0000040300473045022100eeefe4486003aa6df9c1a6f8787ddd2ce2950c3ae90001df8d48ddaec3095e8f022035ba4707843bc6893d121aac58fccdd4d4194cbbab7d4cdc935a3b6c4833d57c00750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c3b4e2c95000004030046304402206c6201fb320f384042f1698b10f382a932f60bb034392885b2949b528e5d2c140220126ec88ee324cae02f24b49fdb8fb5ac6788263d378498c6f403827899f1c567 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 009361b1a1b2fb864fb883b1da4fb3b25b9402c48033d7e9a7becef504d8c780948fbb4d84a4564bc1445caa5bc6c64431f84a54cfe7c42667074fe7d2a7e3486886295ca66a008f8cac257329c426e69ff642c67e2ce2c775eee41d10cb3589c38a8e6a10d8c327b5dcb1376e692f2e23c30fa765dfcee4914cd157e3e043b55c518a17b0f18e40bd4dcfdfcab84304a67b0488b357a46906cb42df72d9bc128c720b4ec7127f9a5305d9d5d7a8cf9d3d32349b7cba74447c956c1bd68398408124062e5b363cdd448123db65ac0968d778175a4d19900bf98f2d769c05e2dcd8cdea5947939c0ce9681ee1a6a744dc4f0e2c89f260341d61aabcfbd12f62f17a