starfield.org

Issued by R3

About this certificate

This digital certificate with serial number 03:d2:96:0d:24:8e:99:1b:38:fc:67:9f:11:ef:27:7a:64:a4 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=starfield.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:d2:96:0d:24:8e:99:1b:38:fc:67:9f:11:ef:27:7a:64:a4
Serial Number (int): 332995607289369244525969143868351537898660
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: ec:63:7a:67:96:b7:99:47:c7:05:48:d9:d3:6b:1c:c0:1b:d8:76:76
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): d2:95:90:71:db:01:ac:58:bc:99:e8:70:70:07:ff:c1:69:a4:0b:80
Fingerprint (sha256): f8:85:db:b1:07:d0:44:0d:28:de:c9:a2:1b:f8:06:30:d4:bd:27:fb:f2:a9:07:74:90:06:64:da:13:3e:c5:eb

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate starfield.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for starfield.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

starfield.org
www.starfield.org

Other certificates including the domain name starfield.org

(limited to 100 certificates)
lymediseaseprevention.org
starfield.org
optivibe.com
starfield.org
aloisalzheimer.org
lymediseaseprevention.org
oxy1.com
starfield.org

Certificate

The complete raw certificate details for starfield.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgISA9KWDSSOmRs4/GefEe8nemSkMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMDkyMTA1NTlaFw0yNDA1MDkyMTA1NThaMBgxFjAUBgNVBAMT
DXN0YXJmaWVsZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDL
ddxZPyec+P2OL7e1dHMGPBx0DgmLEOLKm0x0NLB6/Xls6Tgtu/tYacj01gezua98
MTgzD1kIOUhf8nWkdegByXZ6d4mCGE63yhfDGVeqH+dGf6or6tDdh0lVbbpLQdFv
E2gc1V9uDqemzK4kqTKTibGodU2f4TP7g6/jyrydjtNmCtf8XuLer4Hfl1e89FD3
tHUGCI2EnL1htemWzm3kKcNRdEg7KeC0WEcEnKtsJzsbkdBVX2IHH44yZtva5L/w
7pP7OMX39trNt7unefG7na/PCtsZyJo5cyZoeVDBtOvcWKh7vywNPzGjiWNmAAAx
nsXBYQDI6bVtl/vQ4jWoM8p+JG6+LmkxdlAALN7QPJMZb43HgtQnDDFBqj1PZ7zQ
RMo3u2sgf+/QWPz9tvNOKCVV1Xkjcs99DjqvgGFH7TpHlkVBu3Arik6F0B7VUJGH
l/kVzYIylBorcIv/mKkllzNWtNzWyrg5lQchRkb6Gmw3bKoqofwtaisZM49SiD1r
RtdRJh+LKcK2qEiv02KnwZD/TXQBg93bVp4CYQ2z6Dr0xIefYfDU2LpmGrjrh5qA
wgFAq3mr5t1/J6Pm/e09QVUzmic5bRBimtReq9ORU/sYDSf4FGNjx3j021mnn6ZP
b/9jDiAXVuPzvhDegJ3P56yM8IdHtuYeQBdBw0/DgQIDAQABo4ICIjCCAh4wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBTsY3pnlreZR8cFSNnTaxzAG9h2djAfBgNVHSME
GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
L3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1zdGFyZmllbGQub3JnghF3d3cu
c3RhcmZpZWxkLm9yZzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkC
BAIEgfUEgfIA8AB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAAB
jY/n9QoAAAQDAEgwRgIhAPTG2eoQW1BAx4cnye9W97xz+Ddv0ecZ38k4zPUTvutx
AiEAwYBogeoUyo+2+BDPrOx8JE9i/9Ii6/eltRvfyZl5ohAAdQB2/4g/Crb7lVHC
Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAY2P5/c9AAAEAwBGMEQCIDsdvepb0lFe
z+kv4IiorA2Toeg5i6LMl6UG0zk9RB35AiBYmpuGRlMSTUienIipG3Hm6Jhi1TPc
VnXAK58XhENEkzANBgkqhkiG9w0BAQsFAAOCAQEAcFogkWjdxxnU7JCeiFp7Q60h
kH4Msbprf5pyPITlGbxcr2YT5Ac1SwLy4II2kTYPB9xhFk7F9uChCb8LTvOigiYp
KejhTiQVLmSm7s0ScX2g/6wADM3PU7JeJ5bX7RrIzS1yDfBDbR+rB1ojkuLffRpy
jfrqrMRz6zZyOBM6Jan3a/VRgUlRQTxGeSNMlXKhyVrKPPUHNLz6ipapn7HYfoNX
cAJLjnl8e2cs7LuF9GqHqVCZy1uICmNjYv99ncjXLgJspw1msGrh4Sym3QdITu30
hhCDJH27ti4wuLVZHlfeJd/3PSwMT/DHNN6dXxy6acD5xI2d7a/Bt3U0ec5RWA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy3XcWT8nnPj9ji+3tXRz
BjwcdA4JixDiyptMdDSwev15bOk4Lbv7WGnI9NYHs7mvfDE4Mw9ZCDlIX/J1pHXo
Acl2eneJghhOt8oXwxlXqh/nRn+qK+rQ3YdJVW26S0HRbxNoHNVfbg6npsyuJKky
k4mxqHVNn+Ez+4Ov48q8nY7TZgrX/F7i3q+B35dXvPRQ97R1BgiNhJy9YbXpls5t
5CnDUXRIOyngtFhHBJyrbCc7G5HQVV9iBx+OMmbb2uS/8O6T+zjF9/bazbe7p3nx
u52vzwrbGciaOXMmaHlQwbTr3Fioe78sDT8xo4ljZgAAMZ7FwWEAyOm1bZf70OI1
qDPKfiRuvi5pMXZQACze0DyTGW+Nx4LUJwwxQao9T2e80ETKN7trIH/v0Fj8/bbz
TiglVdV5I3LPfQ46r4BhR+06R5ZFQbtwK4pOhdAe1VCRh5f5Fc2CMpQaK3CL/5ip
JZczVrTc1sq4OZUHIUZG+hpsN2yqKqH8LWorGTOPUog9a0bXUSYfiynCtqhIr9Ni
p8GQ/010AYPd21aeAmENs+g69MSHn2Hw1Ni6Zhq464eagMIBQKt5q+bdfyej5v3t
PUFVM5onOW0QYprUXqvTkVP7GA0n+BRjY8d49NtZp5+mT2//Yw4gF1bj874Q3oCd
z+esjPCHR7bmHkAXQcNPw4ECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 332995607289369244525969143868351537898660
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-09 21:05:59 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-09 21:05:58 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'starfield.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 830045987432009587252064917970894259725197942684951229365312547916013179063584420921059803993990540669231548481880630513553523979827303618776015000530292462190739429882362654054914105947914712887164575194723064478964282029232301235612407662346109773473966042201504704998774568478785375679584700563721707211368893791141469363561325333610358685800480102074610655881097333452205859496850616346450971572945560320605115642115846604888698441518644805608573426912688074426587180067509628974494670810372166086415845487660162971855585352208328607157410548456947432455909638853013700700020290308004257180861775446598198258015123809252758854228746627119077410740378164598771674031626585246068412903024146591549801087847987053608727893478856411565118494821563656854018597702620444225408884071478886122859131216714744002955503871625067824133554643136548150140833249554452172514510333517743802529445258895029492085248555452810479711095931049783604690085659382156463705993974232320403867324216691690588532540277989254265435677443108370465751017295539166470727555642311557452225664785828996172773012244053530600728836044792673760791075252634570869461873985645126666239595971835404760516150095917726601053346288293678784661962276683044960353796473729
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ec637a6796b79947c70548d9d36b1cc01bd87676
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'starfield.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.starfield.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f000770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018d8fe7f50a0000040300483046022100f4c6d9ea105b5040c78727c9ef56f7bc73f8376fd1e719dfc938ccf513beeb71022100c1806881ea14ca8fb6f810cfacec7c244f62ffd222ebf7a5b51bdfc99979a21000750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018d8fe7f73d000004030046304402203b1dbdea5bd2515ecfe92fe088a8ac0d93a1e8398ba2cc97a506d3393d441df90220589a9b864653124d489e9c88a91b71e6e89862d533dc5675c02b9f1784434493
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00705a209168ddc719d4ec909e885a7b43ad21907e0cb1ba6b7f9a723c84e519bc5caf6613e407354b02f2e0823691360f07dc61164ec5f6e0a109bf0b4ef3a282262929e8e14e24152e64a6eecd12717da0ffac000ccdcf53b25e2796d7ed1ac8cd2d720df0436d1fab075a2392e2df7d1a728dfaeaacc473eb367238133a25a9f76bf551814951413c4679234c9572a1c95aca3cf50734bcfa8a96a99fb1d87e835770024b8e797c7b672cecbb85f46a87a95099cb5b880a636362ff7d9dc8d72e026ca70d66b06ae1e12ca6dd07484eedf4861083247dbbb62e30b8b5591e57de25dff73d2c0c4ff0c734de9d5f1cba69c0f9c48d9dedafc1b7753479ce5158