yourlifeiowa.com

Issued by R3

About this certificate

This digital certificate with serial number 03:40:ed:5f:39:20:15:d1:a7:9c:8c:70:32:23:54:a7:8a:e0 was issued on by Let's Encrypt.

With 97 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=yourlifeiowa.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:40:ed:5f:39:20:15:d1:a7:9c:8c:70:32:23:54:a7:8a:e0
Serial Number (int): 283430450740062788722857821083815800965856
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 9d:8d:7a:fd:78:34:cf:31:3b:45:0c:ae:0d:b4:c3:b5:ed:75:bb:8e
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 8f:cc:f7:dd:95:8d:94:a0:fe:c7:a2:6a:fc:e5:08:ad:1b:cd:eb:93
Fingerprint (sha256): ff:b7:99:25:4b:8a:2a:77:f0:47:f2:da:39:fe:a8:bb:ec:3e:8d:7a:72:90:6a:4d:d4:fd:2d:38:fa:36:73:c0

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate yourlifeiowa.com

97

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for yourlifeiowa.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

app.iowastem.org
i-pact.com
ialottery.com
internal.courts.iowa.gov
iowaabd.com
iowaagriculture.gov
iowacleanair.gov
iowadnr.com
iowadrivingav.org
iowagrants.gov
iowagreatplaces.gov
iowahistory.org
iowahumanitiescouncil.com
iowahumanitiescouncil.org
iowahush.com
iowaintex.gov
iowalmi.gov
iowamissingpersons.com
iowamissingpersons.gov
iowaopiodhelp.com
iowaopioidhelp.com
iowaopioidhelp.org
iowap2services.com
iowareap.com
iowasmokefreeair.gov
iowastem.org
iowastics.com
iowiki.iowaintex.gov
m.ialottery.com
media.ialottery.com
mtest.ialottery.com
onsiteiowa.com
p2infohouse.org
recognizeandreport.org
resultsiowa.org
safeandsoundiowa.com
safeandsoundiowa.gov
safeandsoundiowa.org
safearoundsemis.com
test.ialottery.com
test.icaps.iowacollegeaid.gov
test.iowagrants.gov
test.iowaintex.gov
voterreadyiowa.org
webapp.iecdb.iowa.gov
www.broadband.iowa.gov
www.cmedocviewerportal.iowadot.gov
www.cmesnowboundportal.iowadot.gov
www.cmewebapiportal.iowadot.gov
www.coaching.iowa.gov
www.devertservices.iowadot.gov
www.dlphoto.iowadot.gov
www.envpermits.iowadot.gov
www.ertservices.iowadot.gov
www.historicalphotos.iowadot.gov
www.i-pact.com
www.iahealthlink.gov
www.ialottery.com
www.iowaagriculture.gov
www.iowadrivingav.org
www.iowagrants.gov
www.iowaintex.gov
www.iowalmi.gov
www.iowamissingpersons.com
www.iowamissingpersons.gov
www.iowaoutdoorsmagazine.com
www.iowap2interns.com
www.iowasmokefreeair.gov
www.iowasourcewater.org
www.iowastatepatrol.net
www.iowastatepatrol.org
www.iowastem.org
www.iowastics.com
www.iowatitleguaranty.gov
www.jobs.iowa.gov
www.learning.iowadot.gov
www.licensediniowa.gov
www.majorprojects.iowadot.gov
www.maple.iowadot.gov
www.mtmug.iowadot.gov
www.mydotdocs.iowadot.gov
www.onsiteiowa.com
www.p2infohouse.org
www.recognizeandreport.org
www.recoveryiowa.org
www.resultsiowa.org
www.safearoundsemis.com
www.safeathome.iowa.gov
www.testertservices.iowadot.gov
www.tmcdashboard.iowadot.gov
www.tmcservice.iowadot.gov
www.voterreadyiowa.org
www.yourlifeiowa.com
www.yourlifeiowa.net
www.yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.net

Other certificates including the domain name yourlifeiowa.com

(limited to 100 certificates)
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.envoystaging.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.envoystaging.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com

Certificate

The complete raw certificate details for yourlifeiowa.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINUTCCDDmgAwIBAgISA0DtXzkgFdGnnIxwMiNUp4rgMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAxMTgwNzAzMTFaFw0yNDA0MTcwNzAzMTBaMBsxGTAXBgNVBAMT
EHlvdXJsaWZlaW93YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCn47FqVmos0GAKeQBpB9EeYmz3lsX8U0PZ1l1poiWgG666ZlieuHlV6OEYCq2k
0WVKUWbPO5W/tHYlSXwMkpE2uItRlF6VtXcm3xdDigSfuz5ZCl2zyUlP8Hpjzfh1
HHcSiuujfu0XZ5dSkCHcv+P+x+zuWjraJ+AqaanFENaLvlWYLXw2vRxcMgjEzzUX
mY2hcJxMwqenSNfmpRs3Ih6J7NBbVh2HtoeHdZwJX6aKopZASqY0wdwAM4Xw/gzO
d3ZQrs+D1VwoWD16JWE4bAKrfeBX/TUeKzWAoZTuqroV5JUMy8XcACfRbwgOVPDR
mt9Hf0HhTbQCFiXZutgpyRIdAgMBAAGjggp2MIIKcjAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFJ2Nev14NM8xO0UMrg20w7XtdbuOMB8GA1UdIwQYMBaAFBQusxe3WFbL
rlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDov
L3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5v
cmcvMIIIfgYDVR0RBIIIdTCCCHGCEGFwcC5pb3dhc3RlbS5vcmeCCmktcGFjdC5j
b22CDWlhbG90dGVyeS5jb22CGGludGVybmFsLmNvdXJ0cy5pb3dhLmdvdoILaW93
YWFiZC5jb22CE2lvd2FhZ3JpY3VsdHVyZS5nb3aCEGlvd2FjbGVhbmFpci5nb3aC
C2lvd2FkbnIuY29tghFpb3dhZHJpdmluZ2F2Lm9yZ4IOaW93YWdyYW50cy5nb3aC
E2lvd2FncmVhdHBsYWNlcy5nb3aCD2lvd2FoaXN0b3J5Lm9yZ4IZaW93YWh1bWFu
aXRpZXNjb3VuY2lsLmNvbYIZaW93YWh1bWFuaXRpZXNjb3VuY2lsLm9yZ4IMaW93
YWh1c2guY29tgg1pb3dhaW50ZXguZ292ggtpb3dhbG1pLmdvdoIWaW93YW1pc3Np
bmdwZXJzb25zLmNvbYIWaW93YW1pc3NpbmdwZXJzb25zLmdvdoIRaW93YW9waW9k
aGVscC5jb22CEmlvd2FvcGlvaWRoZWxwLmNvbYISaW93YW9waW9pZGhlbHAub3Jn
ghJpb3dhcDJzZXJ2aWNlcy5jb22CDGlvd2FyZWFwLmNvbYIUaW93YXNtb2tlZnJl
ZWFpci5nb3aCDGlvd2FzdGVtLm9yZ4INaW93YXN0aWNzLmNvbYIUaW93aWtpLmlv
d2FpbnRleC5nb3aCD20uaWFsb3R0ZXJ5LmNvbYITbWVkaWEuaWFsb3R0ZXJ5LmNv
bYITbXRlc3QuaWFsb3R0ZXJ5LmNvbYIOb25zaXRlaW93YS5jb22CD3AyaW5mb2hv
dXNlLm9yZ4IWcmVjb2duaXplYW5kcmVwb3J0Lm9yZ4IPcmVzdWx0c2lvd2Eub3Jn
ghRzYWZlYW5kc291bmRpb3dhLmNvbYIUc2FmZWFuZHNvdW5kaW93YS5nb3aCFHNh
ZmVhbmRzb3VuZGlvd2Eub3JnghNzYWZlYXJvdW5kc2VtaXMuY29tghJ0ZXN0Lmlh
bG90dGVyeS5jb22CHXRlc3QuaWNhcHMuaW93YWNvbGxlZ2VhaWQuZ292ghN0ZXN0
Lmlvd2FncmFudHMuZ292ghJ0ZXN0Lmlvd2FpbnRleC5nb3aCEnZvdGVycmVhZHlp
b3dhLm9yZ4IVd2ViYXBwLmllY2RiLmlvd2EuZ292ghZ3d3cuYnJvYWRiYW5kLmlv
d2EuZ292giJ3d3cuY21lZG9jdmlld2VycG9ydGFsLmlvd2Fkb3QuZ292giJ3d3cu
Y21lc25vd2JvdW5kcG9ydGFsLmlvd2Fkb3QuZ292gh93d3cuY21ld2ViYXBpcG9y
dGFsLmlvd2Fkb3QuZ292ghV3d3cuY29hY2hpbmcuaW93YS5nb3aCHnd3dy5kZXZl
cnRzZXJ2aWNlcy5pb3dhZG90LmdvdoIXd3d3LmRscGhvdG8uaW93YWRvdC5nb3aC
Gnd3dy5lbnZwZXJtaXRzLmlvd2Fkb3QuZ292ght3d3cuZXJ0c2VydmljZXMuaW93
YWRvdC5nb3aCIHd3dy5oaXN0b3JpY2FscGhvdG9zLmlvd2Fkb3QuZ292gg53d3cu
aS1wYWN0LmNvbYIUd3d3LmlhaGVhbHRobGluay5nb3aCEXd3dy5pYWxvdHRlcnku
Y29tghd3d3cuaW93YWFncmljdWx0dXJlLmdvdoIVd3d3Lmlvd2Fkcml2aW5nYXYu
b3JnghJ3d3cuaW93YWdyYW50cy5nb3aCEXd3dy5pb3dhaW50ZXguZ292gg93d3cu
aW93YWxtaS5nb3aCGnd3dy5pb3dhbWlzc2luZ3BlcnNvbnMuY29tghp3d3cuaW93
YW1pc3NpbmdwZXJzb25zLmdvdoIcd3d3Lmlvd2FvdXRkb29yc21hZ2F6aW5lLmNv
bYIVd3d3Lmlvd2FwMmludGVybnMuY29tghh3d3cuaW93YXNtb2tlZnJlZWFpci5n
b3aCF3d3dy5pb3dhc291cmNld2F0ZXIub3Jnghd3d3cuaW93YXN0YXRlcGF0cm9s
Lm5ldIIXd3d3Lmlvd2FzdGF0ZXBhdHJvbC5vcmeCEHd3dy5pb3dhc3RlbS5vcmeC
EXd3dy5pb3dhc3RpY3MuY29tghl3d3cuaW93YXRpdGxlZ3VhcmFudHkuZ292ghF3
d3cuam9icy5pb3dhLmdvdoIYd3d3LmxlYXJuaW5nLmlvd2Fkb3QuZ292ghZ3d3cu
bGljZW5zZWRpbmlvd2EuZ292gh13d3cubWFqb3Jwcm9qZWN0cy5pb3dhZG90Lmdv
doIVd3d3Lm1hcGxlLmlvd2Fkb3QuZ292ghV3d3cubXRtdWcuaW93YWRvdC5nb3aC
GXd3dy5teWRvdGRvY3MuaW93YWRvdC5nb3aCEnd3dy5vbnNpdGVpb3dhLmNvbYIT
d3d3LnAyaW5mb2hvdXNlLm9yZ4Iad3d3LnJlY29nbml6ZWFuZHJlcG9ydC5vcmeC
FHd3dy5yZWNvdmVyeWlvd2Eub3JnghN3d3cucmVzdWx0c2lvd2Eub3Jnghd3d3cu
c2FmZWFyb3VuZHNlbWlzLmNvbYIXd3d3LnNhZmVhdGhvbWUuaW93YS5nb3aCH3d3
dy50ZXN0ZXJ0c2VydmljZXMuaW93YWRvdC5nb3aCHHd3dy50bWNkYXNoYm9hcmQu
aW93YWRvdC5nb3aCGnd3dy50bWNzZXJ2aWNlLmlvd2Fkb3QuZ292ghZ3d3cudm90
ZXJyZWFkeWlvd2Eub3JnghR3d3cueW91cmxpZmVpb3dhLmNvbYIUd3d3LnlvdXJs
aWZlaW93YS5uZXSCFHd3dy55b3VybGlmZWlvd2Eub3JnghB5b3VybGlmZWlvd2Eu
Y29tghB5b3VybGlmZWlvd2EubmV0MBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBAwYK
KwYBBAHWeQIEAgSB9ASB8QDvAHYASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/
qznYhHMAAAGNG5hwkAAABAMARzBFAiEA2JQ+PcXD2YqE67AW0q3lDD7wDrRb9zI0
ife6+WjRUBUCIBHKTbCEsqpuBmByDeyAp2RrT81nEkFypcFmPDS6ss0BAHUAouK/
1h7eLy8HoNZObTen3GVDsMa1LqLat4r4mm31F9gAAAGNG5hwmQAABAMARjBEAiAH
eziLXi6pUXRNMOlpOSD1QHULzrmEJRcQnYINduwn2wIgJYoSzXVdvVwcwdr07SA6
Q6EXk+r7uaiaT/5ffQu+S04wDQYJKoZIhvcNAQELBQADggEBAFr9AOPwkiej2JpA
+AHXBcSWsy+Z+lrKwjsJQG1QnTbxasUm5gCqAYOBYpaDAruTazOeeXmUS08S4JFQ
vpy5YRyUODwaBAJLhsMJc3SRe6EuThWhLDuvRvF9vt/g3ZEk9+/igpZbLxFg5i37
8bG6I3mnrIN4wMUW26I43r7LGqrbiysLaxL6qPFX0jScABEEtx99m9SOJFGVuZg0
EM3YvYE1KeG/FyplPfNl4Zlxa47podllwwbHzUr3UI1L/uIhJPbiJOtmtvFIrkIP
L0KEDioVNQRIiDXMPA3w+71dPvPNShWe6m1bbu8Hu2w0JxdYYsOC+DCkIxYKRDw4
X6E0fEk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+OxalZqLNBgCnkAaQfR
HmJs95bF/FND2dZdaaIloBuuumZYnrh5VejhGAqtpNFlSlFmzzuVv7R2JUl8DJKR
NriLUZRelbV3Jt8XQ4oEn7s+WQpds8lJT/B6Y834dRx3Eorro37tF2eXUpAh3L/j
/sfs7lo62ifgKmmpxRDWi75VmC18Nr0cXDIIxM81F5mNoXCcTMKnp0jX5qUbNyIe
iezQW1Ydh7aHh3WcCV+miqKWQEqmNMHcADOF8P4Mznd2UK7Pg9VcKFg9eiVhOGwC
q33gV/01His1gKGU7qq6FeSVDMvF3AAn0W8IDlTw0ZrfR39B4U20AhYl2brYKckS
HQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 283430450740062788722857821083815800965856
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-18 07:03:11 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-17 07:03:10 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'yourlifeiowa.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21194076546567669418006929994208388222551290728360044176937565294774263861262695700492532397260452588888498486953904199916631282316135508615081058362382583448499824820926781815592637813067867126353866551484714689161323744366789776058257962195361147244868878102013661700763794507211578153107378449759505348974478446689436180097662030821062614867338488590397060888239375290142221804724895600507658222665179707657140438264155559421971106813986142128198943143968143157259136314101200031563234096347297098463752041752483247976655394988714986006798285466269208577973289603936781031823322180733792946497471978433673784005149
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9d8d7afd7834cf313b450cae0db4c3b5ed75bb8e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'app.iowastem.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'i-pact.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'internal.courts.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaabd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaagriculture.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacleanair.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowadnr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowadrivingav.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowagrants.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowagreatplaces.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowahistory.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowahumanitiescouncil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowahumanitiescouncil.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowahush.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaintex.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowalmi.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowamissingpersons.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowamissingpersons.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaopiodhelp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaopioidhelp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaopioidhelp.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowap2services.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowareap.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowasmokefreeair.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowastem.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowastics.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowiki.iowaintex.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm.ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mtest.ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onsiteiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'p2infohouse.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recognizeandreport.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'resultsiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'safeandsoundiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'safeandsoundiowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'safeandsoundiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'safearoundsemis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.icaps.iowacollegeaid.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.iowagrants.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.iowaintex.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'voterreadyiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webapp.iecdb.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.broadband.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cmedocviewerportal.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cmesnowboundportal.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cmewebapiportal.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.coaching.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.devertservices.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dlphoto.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.envpermits.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ertservices.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.historicalphotos.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.i-pact.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iahealthlink.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ialottery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaagriculture.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowadrivingav.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowagrants.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaintex.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowalmi.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowamissingpersons.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowamissingpersons.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaoutdoorsmagazine.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowap2interns.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasmokefreeair.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasourcewater.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowastatepatrol.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowastatepatrol.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowastem.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowastics.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowatitleguaranty.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jobs.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.learning.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.licensediniowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.majorprojects.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.maple.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mtmug.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mydotdocs.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.onsiteiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.p2infohouse.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recognizeandreport.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveryiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.resultsiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.safearoundsemis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.safeathome.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.testertservices.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tmcdashboard.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tmcservice.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.voterreadyiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yourlifeiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yourlifeiowa.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.yourlifeiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'yourlifeiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'yourlifeiowa.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018d1b9870900000040300473045022100d8943e3dc5c3d98a84ebb016d2ade50c3ef00eb45bf7323489f7baf968d15015022011ca4db084b2aa6e0660720dec80a7646b4fcd67124172a5c1663c34bab2cd01007500a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018d1b98709900000403004630440220077b388b5e2ea951744d30e9693920f540750bceb9842517109d820d76ec27db0220258a12cd755dbd5c1cc1daf4ed203a43a11793eafbb9a89a4ffe5f7d0bbe4b4e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005afd00e3f09227a3d89a40f801d705c496b32f99fa5acac23b09406d509d36f16ac526e600aa01838162968302bb936b339e7979944b4f12e09150be9cb9611c94383c1a04024b86c3097374917ba12e4e15a12c3baf46f17dbedfe0dd9124f7efe282965b2f1160e62dfbf1b1ba2379a7ac8378c0c516dba238debecb1aaadb8b2b0b6b12faa8f157d2349c001104b71f7d9bd48e245195b9983410cdd8bd813529e1bf172a653df365e199716b8ee9a1d965c306c7cd4af7508d4bfee22124f6e224eb66b6f148ae420f2f42840e2a153504488835cc3c0df0fbbd5d3ef3cd4a159eea6d5b6eef07bb6c3427175862c382f830a423160a443c385fa1347c49