starfield.org
Issued by R3
About this certificate
This digital certificate with serial number 03:d2:96:0d:24:8e:99:1b:38:fc:67:9f:11:ef:27:7a:64:a4 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=starfield.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:d2:96:0d:24:8e:99:1b:38:fc:67:9f:11:ef:27:7a:64:a4Serial Number (int): 332995607289369244525969143868351537898660
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: ec:63:7a:67:96:b7:99:47:c7:05:48:d9:d3:6b:1c:c0:1b:d8:76:76
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): d2:95:90:71:db:01:ac:58:bc:99:e8:70:70:07:ff:c1:69:a4:0b:80
Fingerprint (sha256): f8:85:db:b1:07:d0:44:0d:28:de:c9:a2:1b:f8:06:30:d4:bd:27:fb:f2:a9:07:74:90:06:64:da:13:3e:c5:eb
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate starfield.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for starfield.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
starfield.org
www.starfield.org
www.starfield.org
Other certificates including the domain name starfield.org
(limited to 100 certificates)
Certificate
The complete raw certificate details for starfield.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF+jCCBOKgAwIBAgISA9KWDSSOmRs4/GefEe8nemSkMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAyMDkyMTA1NTlaFw0yNDA1MDkyMTA1NThaMBgxFjAUBgNVBAMT DXN0YXJmaWVsZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDL ddxZPyec+P2OL7e1dHMGPBx0DgmLEOLKm0x0NLB6/Xls6Tgtu/tYacj01gezua98 MTgzD1kIOUhf8nWkdegByXZ6d4mCGE63yhfDGVeqH+dGf6or6tDdh0lVbbpLQdFv E2gc1V9uDqemzK4kqTKTibGodU2f4TP7g6/jyrydjtNmCtf8XuLer4Hfl1e89FD3 tHUGCI2EnL1htemWzm3kKcNRdEg7KeC0WEcEnKtsJzsbkdBVX2IHH44yZtva5L/w 7pP7OMX39trNt7unefG7na/PCtsZyJo5cyZoeVDBtOvcWKh7vywNPzGjiWNmAAAx nsXBYQDI6bVtl/vQ4jWoM8p+JG6+LmkxdlAALN7QPJMZb43HgtQnDDFBqj1PZ7zQ RMo3u2sgf+/QWPz9tvNOKCVV1Xkjcs99DjqvgGFH7TpHlkVBu3Arik6F0B7VUJGH l/kVzYIylBorcIv/mKkllzNWtNzWyrg5lQchRkb6Gmw3bKoqofwtaisZM49SiD1r RtdRJh+LKcK2qEiv02KnwZD/TXQBg93bVp4CYQ2z6Dr0xIefYfDU2LpmGrjrh5qA wgFAq3mr5t1/J6Pm/e09QVUzmic5bRBimtReq9ORU/sYDSf4FGNjx3j021mnn6ZP b/9jDiAXVuPzvhDegJ3P56yM8IdHtuYeQBdBw0/DgQIDAQABo4ICIjCCAh4wDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV HRMBAf8EAjAAMB0GA1UdDgQWBBTsY3pnlreZR8cFSNnTaxzAG9h2djAfBgNVHSME GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov L3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1zdGFyZmllbGQub3JnghF3d3cu c3RhcmZpZWxkLm9yZzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkC BAIEgfUEgfIA8AB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAAB jY/n9QoAAAQDAEgwRgIhAPTG2eoQW1BAx4cnye9W97xz+Ddv0ecZ38k4zPUTvutx AiEAwYBogeoUyo+2+BDPrOx8JE9i/9Ii6/eltRvfyZl5ohAAdQB2/4g/Crb7lVHC Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAY2P5/c9AAAEAwBGMEQCIDsdvepb0lFe z+kv4IiorA2Toeg5i6LMl6UG0zk9RB35AiBYmpuGRlMSTUienIipG3Hm6Jhi1TPc VnXAK58XhENEkzANBgkqhkiG9w0BAQsFAAOCAQEAcFogkWjdxxnU7JCeiFp7Q60h kH4Msbprf5pyPITlGbxcr2YT5Ac1SwLy4II2kTYPB9xhFk7F9uChCb8LTvOigiYp KejhTiQVLmSm7s0ScX2g/6wADM3PU7JeJ5bX7RrIzS1yDfBDbR+rB1ojkuLffRpy jfrqrMRz6zZyOBM6Jan3a/VRgUlRQTxGeSNMlXKhyVrKPPUHNLz6ipapn7HYfoNX cAJLjnl8e2cs7LuF9GqHqVCZy1uICmNjYv99ncjXLgJspw1msGrh4Sym3QdITu30 hhCDJH27ti4wuLVZHlfeJd/3PSwMT/DHNN6dXxy6acD5xI2d7a/Bt3U0ec5RWA== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy3XcWT8nnPj9ji+3tXRz BjwcdA4JixDiyptMdDSwev15bOk4Lbv7WGnI9NYHs7mvfDE4Mw9ZCDlIX/J1pHXo Acl2eneJghhOt8oXwxlXqh/nRn+qK+rQ3YdJVW26S0HRbxNoHNVfbg6npsyuJKky k4mxqHVNn+Ez+4Ov48q8nY7TZgrX/F7i3q+B35dXvPRQ97R1BgiNhJy9YbXpls5t 5CnDUXRIOyngtFhHBJyrbCc7G5HQVV9iBx+OMmbb2uS/8O6T+zjF9/bazbe7p3nx u52vzwrbGciaOXMmaHlQwbTr3Fioe78sDT8xo4ljZgAAMZ7FwWEAyOm1bZf70OI1 qDPKfiRuvi5pMXZQACze0DyTGW+Nx4LUJwwxQao9T2e80ETKN7trIH/v0Fj8/bbz TiglVdV5I3LPfQ46r4BhR+06R5ZFQbtwK4pOhdAe1VCRh5f5Fc2CMpQaK3CL/5ip JZczVrTc1sq4OZUHIUZG+hpsN2yqKqH8LWorGTOPUog9a0bXUSYfiynCtqhIr9Ni p8GQ/010AYPd21aeAmENs+g69MSHn2Hw1Ni6Zhq464eagMIBQKt5q+bdfyej5v3t PUFVM5onOW0QYprUXqvTkVP7GA0n+BRjY8d49NtZp5+mT2//Yw4gF1bj874Q3oCd z+esjPCHR7bmHkAXQcNPw4ECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 332995607289369244525969143868351537898660 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-09 21:05:59 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-09 21:05:58 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'starfield.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 830045987432009587252064917970894259725197942684951229365312547916013179063584420921059803993990540669231548481880630513553523979827303618776015000530292462190739429882362654054914105947914712887164575194723064478964282029232301235612407662346109773473966042201504704998774568478785375679584700563721707211368893791141469363561325333610358685800480102074610655881097333452205859496850616346450971572945560320605115642115846604888698441518644805608573426912688074426587180067509628974494670810372166086415845487660162971855585352208328607157410548456947432455909638853013700700020290308004257180861775446598198258015123809252758854228746627119077410740378164598771674031626585246068412903024146591549801087847987053608727893478856411565118494821563656854018597702620444225408884071478886122859131216714744002955503871625067824133554643136548150140833249554452172514510333517743802529445258895029492085248555452810479711095931049783604690085659382156463705993974232320403867324216691690588532540277989254265435677443108370465751017295539166470727555642311557452225664785828996172773012244053530600728836044792673760791075252634570869461873985645126666239595971835404760516150095917726601053346288293678784661962276683044960353796473729 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ec637a6796b79947c70548d9d36b1cc01bd87676 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'starfield.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.starfield.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018d8fe7f50a0000040300483046022100f4c6d9ea105b5040c78727c9ef56f7bc73f8376fd1e719dfc938ccf513beeb71022100c1806881ea14ca8fb6f810cfacec7c244f62ffd222ebf7a5b51bdfc99979a21000750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018d8fe7f73d000004030046304402203b1dbdea5bd2515ecfe92fe088a8ac0d93a1e8398ba2cc97a506d3393d441df90220589a9b864653124d489e9c88a91b71e6e89862d533dc5675c02b9f1784434493 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00705a209168ddc719d4ec909e885a7b43ad21907e0cb1ba6b7f9a723c84e519bc5caf6613e407354b02f2e0823691360f07dc61164ec5f6e0a109bf0b4ef3a282262929e8e14e24152e64a6eecd12717da0ffac000ccdcf53b25e2796d7ed1ac8cd2d720df0436d1fab075a2392e2df7d1a728dfaeaacc473eb367238133a25a9f76bf551814951413c4679234c9572a1c95aca3cf50734bcfa8a96a99fb1d87e835770024b8e797c7b672cecbb85f46a87a95099cb5b880a636362ff7d9dc8d72e026ca70d66b06ae1e12ca6dd07484eedf4861083247dbbb62e30b8b5591e57de25dff73d2c0c4ff0c734de9d5f1cba69c0f9c48d9dedafc1b7753479ce5158