diff --git a/ccadb/ccadb.go b/ccadb/ccadb.go new file mode 100644 index 0000000..40f6d27 --- /dev/null +++ b/ccadb/ccadb.go @@ -0,0 +1,267 @@ +package ccadb + +import ( + "bytes" + "context" + "crypto/x509" + _ "embed" + "encoding/base64" + "encoding/csv" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "github.com/letsencrypt/crl-monitor/retryhttp" + "io" + "log" + "slices" + "time" + + "github.com/letsencrypt/boulder/crl/checker" + "github.com/letsencrypt/crl-monitor/cmd" + "github.com/letsencrypt/crl-monitor/idp" +) + +//go:embed intermediates.pem +var allIssuers []byte + +const ( + CCADBAllCertificatesCSVURL cmd.EnvVar = "CCADB_ALL_CERTIFICATES_CSV_URL" + CRLAgeLimit cmd.EnvVar = "CRL_AGE_LIMIT" + CAOwner cmd.EnvVar = "CA_OWNER" +) + +// Checker fetches the AllCertificatesRecordsReport from CCADB, filters for a +// specific CA Owner (defaults to 'Internet Security Research Group'), and +// fetches all CRLs found. +// +// It checks that the CRLs: +// - Are not too old +// - Have an issuingDistributionPoint that matches the URL from which they +// were fetched +// - Have a valid signature based on their issuer SKID from CCADB +// (full issuer certificates for ISRG are embedded in this binary) +// - Don't have duplicate serial numbers across different CRLs +type Checker struct { + allCertificatesCSVURL string + caOwner string + crlAgeLimit time.Duration + + // Map from SKID (bytes cast to string) to issuer. + issuers map[string]*x509.Certificate +} + +func NewFromEnv() (*Checker, error) { + ccadbAllCertificatesCSVURL := "https://ccadb.my.salesforce-sites.com/ccadb/AllCertificateRecordsCSVFormatv2" + allCertsCSV, ok := CCADBAllCertificatesCSVURL.LookupEnv() + if ok { + ccadbAllCertificatesCSVURL = allCertsCSV + } + + caOwner := "Internet Security Research Group" + owner, ok := CAOwner.LookupEnv() + if ok { + caOwner = owner + } + + ageLimitDuration := 24 * time.Hour + crlAgeLimit, ok := CRLAgeLimit.LookupEnv() + if ok { + var err error + ageLimitDuration, err = time.ParseDuration(crlAgeLimit) + if err != nil { + return nil, fmt.Errorf("parsing age limit: %s", err) + } + } + + issuers, err := parseIssuers() + if err != nil { + return nil, err + } + + return &Checker{ + allCertificatesCSVURL: ccadbAllCertificatesCSVURL, + caOwner: caOwner, + crlAgeLimit: ageLimitDuration, + issuers: issuers, + }, nil +} + +func (c *Checker) Check(ctx context.Context) error { + crlURLs, err := c.getCRLURLs(ctx, c.allCertificatesCSVURL, c.caOwner) + if err != nil { + return err + } + + var crls, entries, bytes int + + serials := make(map[string]*x509.RevocationList) + + var errs []error + for skid, urls := range crlURLs { + for _, url := range urls { + crls++ + issuer := c.issuers[skid] + if issuer == nil { + return fmt.Errorf("no issuer found for skid %x", skid) + } + crl, err := checkCRL(ctx, url, issuer, c.crlAgeLimit) + if err != nil { + errs = append(errs, fmt.Errorf("fetching %s: %s", url, err)) + continue + } + + // Check for duplicates across different CRLs (or within a CRL). + // Cap any given CRL at 1M entries to limit memory use. + for i, entry := range crl.RevokedCertificateEntries { + if i > 1_000_000 { + break + } + serialByteString := string(entry.SerialNumber.Bytes()) + if otherCRL, ok := serials[serialByteString]; ok { + otherCRLURL, err := idp.Get(otherCRL) + if err != nil { + return err + } + errs = append(errs, fmt.Errorf("serial %x seen on multiple CRLs: %s and %s", entry.SerialNumber, otherCRLURL, url)) + } + serials[serialByteString] = crl + } + + age := time.Since(crl.ThisUpdate).Round(time.Minute) + nextUpdate := time.Until(crl.NextUpdate).Round(time.Hour) + entries += len(crl.RevokedCertificateEntries) + bytes += len(crl.Raw) + log.Printf("crl %q: %d entries, %d bytes, age %gm, nextUpdate %gh", url, len(crl.RevokedCertificateEntries), len(crl.Raw), age.Minutes(), nextUpdate.Hours()) + } + } + + log.Printf("%d CRLs had %d entries and %d bytes", crls, entries, bytes) + return errors.Join(errs...) +} + +func checkCRL(ctx context.Context, url string, issuer *x509.Certificate, ageLimit time.Duration) (*x509.RevocationList, error) { + body, err := retryhttp.Get(ctx, url) + if err != nil { + return nil, err + } + + crl, err := x509.ParseRevocationList(body) + if err != nil { + return nil, err + } + + idp, err := idp.Get(crl) + if err != nil { + return nil, err + } + + if idp != url { + return nil, fmt.Errorf("CRL fetched from %s had mismatched IDP %s", url, idp) + } + + return crl, checker.Validate(crl, issuer, ageLimit) +} + +// returns a map from issuer SKID to list of URLs +func (c Checker) getCRLURLs(ctx context.Context, csvURL string, owner string) (map[string][]string, error) { + body, err := retryhttp.Get(ctx, csvURL) + if err != nil { + return nil, err + } + reader := csv.NewReader(bytes.NewReader(body)) + header, err := reader.Read() + if err != nil { + return nil, err + } + + var ownerIndex, crlIndex, skidIndex, certificateNameIndex int + for i, name := range header { + if name == "CA Owner" { + ownerIndex = i + } + if name == "JSON Array of Partitioned CRLs" { + crlIndex = i + } + if name == "Subject Key Identifier" { + skidIndex = i + } + if name == "Certificate Name" { + certificateNameIndex = i + } + } + allCRLs := make(map[string][]string) + for { + record, err := reader.Read() + if err == io.EOF { + break + } + if err != nil { + return nil, err + } + if record[ownerIndex] != owner { + continue + } + crlJSON := record[crlIndex] + if crlJSON == "" { + continue + } + var crls []string + err = json.Unmarshal([]byte(crlJSON), &crls) + if err != nil { + return nil, err + } + certificateName := record[certificateNameIndex] + skidBase64 := record[skidIndex] + skid, err := base64.StdEncoding.DecodeString(skidBase64) + if err != nil { + return nil, err + } + if len(skid) == 0 { + return nil, fmt.Errorf("no skid for %q", certificateName) + } + stringSKID := string(skid) + if c.issuers[stringSKID] == nil { + return nil, fmt.Errorf("CCADB contained %q with SKID %x, but that SKID is not in embedded issuers file. Might need update and rebuild this binary", + certificateName, skid) + } + // An issuer can show up multiple times, under different cross-signs. However, + // it must have the same list of CRLs each time. + if c := allCRLs[stringSKID]; c != nil && !slices.Equal(c, crls) { + return nil, fmt.Errorf("CCADB contained %q with SKID %x multiple times with different CRLs", certificateName, skid) + } + allCRLs[stringSKID] = crls + } + + if len(allCRLs) == 0 { + return nil, fmt.Errorf("no records found in CCADB for CA Owner %q", owner) + } + return allCRLs, nil +} + +// getIssuers parses the embedded PEM file containing multiple intermediates. +// +// The file should contain an entry for every issuer that is listed in the +// CCADB All Certificates list for the relevant CA Organization. +// +// Returns a map from SubjectKeyId (cast from []byte to string) to the +// matching intermediate. +func parseIssuers() (map[string]*x509.Certificate, error) { + ret := make(map[string]*x509.Certificate) + + remaining := allIssuers + for { + var block *pem.Block + block, remaining = pem.Decode(remaining) + if block == nil { + return ret, nil + } + + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, err + } + + ret[string(cert.SubjectKeyId)] = cert + } +} diff --git a/ccadb/intermediates.pem b/ccadb/intermediates.pem new file mode 100644 index 0000000..9a5bbce --- /dev/null +++ b/ccadb/intermediates.pem @@ -0,0 +1,2176 @@ +File generated on 2025-03-05. + +for f in *-by-x[12].pem ; do openssl x509 -text -in $f ; done > intermediates.pem + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b3:bd:df:f8:a7:84:5b:bc:e9:03:a0:41:35:b3:4a:45 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 15 16:00:00 2025 GMT + Subject: C=US, O=Let's Encrypt, CN=E1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:24:5c:2d:a2:2a:fd:1c:4b:a6:5d:97:73:27:31: + ac:b2:a0:69:62:ef:65:e8:a6:b0:f0:ac:4b:9f:ff: + 1c:0b:70:0f:d3:98:2f:4d:fc:0f:00:9b:37:f0:74: + 05:57:32:97:2e:05:ef:2a:43:25:a3:fb:6e:34:27: + 13:f6:4f:7e:69:d3:02:99:5e:eb:24:47:92:c1:24: + 9b:e6:b1:21:8f:c1:24:81:fc:68:cc:1f:69:ba:58: + f5:19:22:f7:74:c6:16 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + + Signature Algorithm: ecdsa-with-SHA384 + 30:64:02:30:7b:74:d5:52:13:8d:61:fe:0d:ba:3f:03:00:9d: + f3:d7:98:84:d9:57:2e:bd:e9:0f:9c:5c:48:04:21:f2:cb:b3: + 60:72:8e:97:d6:12:4f:ca:44:f6:42:c9:d3:7b:86:a9:02:30: + 5a:b1:b1:b4:ed:ea:60:99:20:b1:38:03:ca:3d:a0:26:b8:ee: + 6e:2d:4a:f6:c6:66:1f:33:9a:db:92:4a:d5:f5:29:13:c6:70: + 62:28:ba:23:8c:cf:3d:2f:cb:82:e9:7f +-----BEGIN CERTIFICATE----- +MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL +MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo +IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN +MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j +cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c +S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj ++240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB +BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V +yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB +BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E +IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG +Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+ +Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q +YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/ +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:d2:3d:f6:af:7e:c7:f9:b0:c4:72:6f:f9:51:2a:77 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 15 16:00:00 2025 GMT + Subject: C=US, O=Let's Encrypt, CN=E2 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:23:9a:2c:ed:e5:8b:19:8d:61:55:9e:c7:e6:55: + 60:e8:93:2e:08:b4:4a:03:56:b5:4e:21:b9:f9:39: + d1:55:38:66:9f:cb:6c:15:43:c4:2b:27:b0:8e:ef: + b9:fe:31:a7:80:ae:f8:44:cd:82:01:84:c8:1a:89: + de:3f:22:53:07:b9:62:df:ea:7d:2a:d1:7f:5f:c3: + e5:1e:7c:76:e6:89:f8:8b:cb:45:77:80:49:1a:84: + 2f:e5:64:0d:7a:d6:de + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 6D:99:2A:F5:4D:02:EB:E3:11:C1:60:BA:92:6F:8D:3D:2E:F1:EA:44 + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:31:00:f2:42:37:da:a9:c8:39:99:b5:7f:0a:de:6f: + 14:61:0b:ca:e7:50:6b:5d:c9:4c:e9:67:eb:75:e6:65:50:12: + b2:85:35:d4:98:50:2d:27:0e:17:e8:0d:31:f6:64:05:3c:02: + 30:25:af:cd:a3:e2:90:50:03:35:bb:7e:04:df:a9:de:2f:f6: + 5b:6b:ba:26:6e:42:0e:72:14:a0:c7:58:95:c7:3a:ad:15:61: + 9d:76:0a:06:fa:da:69:44:f5:a1:ba:18:67 +-----BEGIN CERTIFICATE----- +MIICxjCCAkygAwIBAgIQTtI99q9+x/mwxHJv+VEqdzAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw0y +NTA5MTUxNjAwMDBaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy +eXB0MQswCQYDVQQDEwJFMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABCOaLO3lixmN +YVWex+ZVYOiTLgi0SgNWtU4hufk50VU4Zp/LbBVDxCsnsI7vuf4xp4Cu+ETNggGE +yBqJ3j8iUwe5Yt/qfSrRf1/D5R58duaJ+IvLRXeASRqEL+VkDXrW3qOCAQgwggEE +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw +EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUbZkq9U0C6+MRwWC6km+NPS7x +6kQwHwYDVR0jBBgwFoAUfEKWrt5LSDv6kviejM9ti6lyN5UwMgYIKwYBBQUHAQEE +JjAkMCIGCCsGAQUFBzAChhZodHRwOi8veDIuaS5sZW5jci5vcmcvMCcGA1UdHwQg +MB4wHKAaoBiGFmh0dHA6Ly94Mi5jLmxlbmNyLm9yZy8wIgYDVR0gBBswGTAIBgZn +gQwBAgEwDQYLKwYBBAGC3xMBAQEwCgYIKoZIzj0EAwMDaAAwZQIxAPJCN9qpyDmZ +tX8K3m8UYQvK51BrXclM6WfrdeZlUBKyhTXUmFAtJw4X6A0x9mQFPAIwJa/No+KQ +UAM1u34E36neL/Zba7ombkIOchSgx1iVxzqtFWGddgoG+tppRPWhuhhn +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 83:8f:6c:63:ce:b1:39:8c:62:06:62:83:15:c9:fd:de + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E5 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0d:0b:3a:8a:6b:61:8e:b6:ef:dc:5f:58:e7:c6: + 42:45:54:ab:63:f6:66:61:48:0a:2e:59:75:b4:81: + 02:37:50:b7:3f:16:79:dc:98:ec:a1:28:97:72:20: + 1c:2c:cf:d5:7c:52:20:4e:54:78:5b:84:14:6b:c0: + 90:ae:85:ec:c0:51:41:3c:5a:87:7f:06:4d:d4:fe: + 60:d1:fa:6c:2d:e1:7d:95:10:88:a2:08:54:0f:99: + 1a:4c:e6:ea:0a:ac:d8 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 1f:72:9d:34:45:42:41:da:a4:d0:b2:b2:b8:d2:26:4c:a7:51: + 25:8d:42:da:ec:36:48:96:a3:ba:1a:a4:c8:63:d8:f0:2f:b3: + ce:cb:9f:67:e9:a0:9e:19:ea:d4:0d:8a:55:03:92:ca:43:84: + 9d:46:f1:d5:cc:ba:df:ba:c1:02:28:71:f7:ba:fe:6d:cc:1b: + 64:ce:ac:4c:32:1a:12:b8:91:fc:f2:e4:e8:b2:ac:f4:17:b4: + ba:85:71:80:e2:83:72:91:bd:b2:f0:f7:dc:9f:86:f4:b7:1f: + bf:52:bd:96:e0:e6:49:38:06:e9:73:45:20:de:6f:7c:8e:60: + b3:f9:4c:3f:2a:23:10:c7:48:cc:af:5b:95:c9:76:ff:5b:ca: + c4:ef:16:18:27:23:be:c4:35:9c:9f:cf:c2:df:0b:41:90:5f: + 38:5c:95:5c:ff:2e:6c:0a:7f:6a:ed:dd:73:81:0a:58:6f:4c: + 3b:9c:dc:c7:5a:93:f7:e3:57:44:67:55:5b:11:af:98:11:51: + 01:a8:dc:88:c7:d7:30:4d:59:b8:69:a4:df:f1:8e:92:80:0c: + ed:99:23:66:69:5e:ca:89:0f:d4:b1:b3:99:f2:5c:51:df:6c: + ed:e7:ae:d7:ff:7f:7a:0e:57:95:77:7f:e7:91:ad:62:30:0c: + f8:2e:03:1b:98:bb:79:a3:6a:72:6d:85:fb:2c:58:20:fb:7a: + 71:b6:ed:61:53:49:08:67:c7:5a:a1:c4:43:81:58:4a:d5:32: + 16:7b:fc:b2:3c:aa:53:cc:a9:81:96:8d:27:d6:95:71:64:88: + 08:b3:88:13:5f:d0:bf:fe:e8:2a:c9:d9:09:62:7d:db:ac:14: + e9:1a:86:d4:e6:0f:18:e8:b5:ce:e0:01:84:bc:3a:d5:cb:8f: + 54:34:f6:f2:74:12:fd:ee:b3:f7:97:09:5e:ad:1e:2b:50:5c: + 68:9e:9f:25:9b:26:6e:34:60:0f:9a:77:9a:f1:1f:e6:f7:50: + 33:b3:02:12:f5:34:b4:76:ec:c7:62:39:98:71:c9:a0:00:47: + 6f:c2:95:06:05:a9:fe:57:17:19:68:96:69:e3:b2:07:b4:4f: + f8:e7:c3:b6:f8:b6:3a:c6:a9:c5:78:95:ee:f3:55:b3:b7:cc: + 96:b4:63:63:58:e8:29:aa:a6:9b:27:27:06:f0:2a:d7:80:04: + 6e:dc:8b:b1:57:ce:4b:ae:81:f1:aa:64:78:55:f6:35:8e:17: + 3c:46:15:e1:94:82:7b:c5:47:3e:b7:6b:11:19:36:c0:82:c6: + dd:3f:c4:1a:64:88:90:26:15:50:c4:a7:8e:62:5d:55:00:fd: + 17:a3:5a:ff:ec:e6:5c:27 +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw +i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 18:6e:75:d4:ee:b0:a0:5d:fd:2d:a8:20:86:5d:1e:31 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E5 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0d:0b:3a:8a:6b:61:8e:b6:ef:dc:5f:58:e7:c6: + 42:45:54:ab:63:f6:66:61:48:0a:2e:59:75:b4:81: + 02:37:50:b7:3f:16:79:dc:98:ec:a1:28:97:72:20: + 1c:2c:cf:d5:7c:52:20:4e:54:78:5b:84:14:6b:c0: + 90:ae:85:ec:c0:51:41:3c:5a:87:7f:06:4d:d4:fe: + 60:d1:fa:6c:2d:e1:7d:95:10:88:a2:08:54:0f:99: + 1a:4c:e6:ea:0a:ac:d8 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + Signature Algorithm: ecdsa-with-SHA384 + 30:64:02:30:1b:6d:2e:45:41:1c:45:3e:d9:5f:34:18:74:67: + 13:79:ba:ab:29:b5:b6:10:4e:83:27:4a:8b:45:4e:c7:7b:cf: + f4:40:30:1d:61:a5:e6:1c:6d:a4:90:09:92:6e:46:4b:02:30: + 46:29:18:84:34:7a:bc:fb:de:d8:1b:d8:19:a7:04:f5:cb:7e: + e7:6d:84:d9:da:8e:ea:ce:36:30:b9:a2:80:4c:2c:e6:60:12: + 4b:a9:76:aa:e8:6d:95:47:da:72:09:0c +-----BEGIN CERTIFICATE----- +MIICtDCCAjugAwIBAgIQGG511O6woF39Lagghl0eMTAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yNDAzMTMwMDAwMDBaFw0y +NzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy +eXB0MQswCQYDVQQDEwJFNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0LOoprYY62 +79xfWOfGQkVUq2P2ZmFICi5ZdbSBAjdQtz8WedyY7KEol3IgHCzP1XxSIE5UeFuE +FGvAkK6F7MBRQTxah38GTdT+YNH6bC3hfZUQiKIIVA+ZGkzm6gqs2KOB+DCB9TAO +BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG +A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJ8rX888IU+dBLftKyzExnCL0tcN +MB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzATBgNVHSAEDDAK +MAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5v +cmcvMAoGCCqGSM49BAMDA2cAMGQCMBttLkVBHEU+2V80GHRnE3m6qym1thBOgydK +i0VOx3vP9EAwHWGl5hxtpJAJkm5GSwIwRikYhDR6vPve2BvYGacE9ct+522E2dqO +6s42MLmigEws5mASS6l2quhtlUfacgkM +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:57:3e:91:73:97:27:70:db:b4:87:cb:3a:45:2b:38 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E6 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d9:f1:9e:46:87:f8:21:71:60:a8:26:eb:a3:fa: + b9:ea:da:1d:b9:12:a7:d4:26:d9:51:14:b1:61:7c: + 75:96:bf:22:0b:39:1f:d5:be:d1:0a:46:aa:2d:3c: + 4a:09:84:2e:be:40:95:55:e9:19:40:37:66:75:ed: + 32:4e:77:04:49:f8:70:7b:c3:18:e7:ce:f7:71:10: + fe:ac:74:d8:00:d4:ed:6d:1c:73:16:33:10:9c:3a: + b2:ea:6c:62:f4:bd:b8 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 7d:8b:7b:4a:20:35:b2:05:86:08:8a:6e:9e:4e:3a:af:80:04: + c4:84:5c:33:19:0a:81:48:4d:96:ba:ef:d4:1d:b5:84:e6:97: + 37:fe:66:88:4f:8b:39:36:eb:72:65:3f:33:dc:af:0b:a3:15: + 63:bd:f4:18:d1:68:2f:c2:21:27:c8:fc:be:b3:8b:a4:c6:36: + d8:e3:fa:6d:a4:b5:93:d6:0c:ae:d0:d3:97:02:47:a0:66:f2: + d3:84:e1:4d:47:81:0e:4b:12:f5:18:ae:1e:f8:9c:66:a0:5e: + 75:07:48:17:ae:69:66:e8:69:78:37:06:05:c2:e2:61:ab:10: + af:f1:0e:e6:0c:71:b4:bc:93:9a:0b:07:48:e5:52:05:c1:4e: + 9f:d9:60:bf:b2:c4:08:fa:bd:8b:b9:9f:1f:79:a9:c6:0a:d1: + 29:2c:47:a4:ea:19:d0:a5:cc:70:1f:a1:1e:eb:e5:92:51:e7: + b6:f7:08:d2:63:0c:43:49:a1:62:3e:aa:b4:c1:52:b6:41:75: + 46:90:86:dc:83:dd:23:0a:55:09:0a:ae:f0:65:7b:b3:cb:9b: + 92:74:73:b3:ed:c2:fc:19:b5:f5:11:4e:a2:23:e9:0e:4c:2f: + c8:d7:ef:99:0d:78:5e:4c:aa:a8:a2:b9:a1:9f:33:84:3d:f6: + 90:54:50:93:16:bc:b9:94:ae:87:86:93:22:61:71:92:7b:b7: + f7:06:81:c4:84:57:13:88:ca:c6:50:26:41:ce:10:8c:56:68: + ab:52:a6:42:a4:20:d0:9f:f5:24:5f:11:94:5b:c9:6a:cd:55: + 72:32:ef:62:5b:d4:07:6b:7a:9e:93:ba:a1:08:c1:de:5f:8f: + 35:fd:03:a5:01:fb:89:4c:77:5b:3e:40:8d:00:a2:e8:bd:b9: + 16:3c:84:d3:aa:ba:05:9f:d0:96:6b:58:76:5f:fc:65:86:a8: + e1:24:6a:3c:4b:3f:e9:c0:22:17:e4:1f:e7:38:36:52:46:96: + b4:3a:61:97:52:ca:32:e4:cd:2e:8b:6f:b1:7f:7d:1c:fe:bd: + 57:67:da:37:27:a0:a1:d4:34:2f:24:c0:a6:bf:ef:4f:4d:58: + 3c:4e:3a:bc:db:03:2e:02:be:e1:c2:fa:4e:bc:c2:fd:ae:16: + 72:61:79:49:12:7d:df:cc:eb:bf:f7:6e:24:72:d7:40:89:2e: + e6:fd:3e:13:03:b2:e7:d1:dd:9b:43:d3:fc:4a:ff:f3:87:43: + 57:40:92:8d:d4:7f:d9:7b:99:33:79:29:ca:c4:8a:2e:00:f5: + 70:a8:83:03:e2:11:82:e3:83:0b:17:ce:f5:cc:98:22:0e:3a: + bf:d9:85:98:1b:f2:1f:4e +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 80:a9:73:48:ef:27:68:a9:e3:f6:bb:43:c0:f9:c6:29 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E6 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d9:f1:9e:46:87:f8:21:71:60:a8:26:eb:a3:fa: + b9:ea:da:1d:b9:12:a7:d4:26:d9:51:14:b1:61:7c: + 75:96:bf:22:0b:39:1f:d5:be:d1:0a:46:aa:2d:3c: + 4a:09:84:2e:be:40:95:55:e9:19:40:37:66:75:ed: + 32:4e:77:04:49:f8:70:7b:c3:18:e7:ce:f7:71:10: + fe:ac:74:d8:00:d4:ed:6d:1c:73:16:33:10:9c:3a: + b2:ea:6c:62:f4:bd:b8 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2 + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:30:60:18:cb:c0:b3:38:42:77:50:6c:46:e3:30:19: + 80:82:d1:00:b3:7f:97:7f:fc:c0:b9:01:2a:88:ca:cc:23:de: + 11:9c:a1:94:44:38:a0:ca:76:f2:4f:1e:18:1d:66:bf:02:31: + 00:96:ab:82:a3:97:f4:66:b8:5e:3d:2c:1a:bd:78:fe:e8:19: + 60:1c:e7:9c:38:1b:bd:85:a0:ac:39:6b:d5:b2:c1:2c:01:ce: + 82:6e:9e:b6:b2:4c:1f:27:0d:28:c4:86:ef +-----BEGIN CERTIFICATE----- +MIICtjCCAjygAwIBAgIRAICpc0jvJ2ip4/a7Q8D5xikwCgYIKoZIzj0EAwMwTzEL +MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo +IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjQwMzEzMDAwMDAwWhcN +MjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j +cnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5Gh/gh +cWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV6RlA +N2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgwgfUw +DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAS +BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsjv1iU +0jAfBgNVHSMEGDAWgBR8Qpau3ktIO/qS+J6Mz22LqXI3lTAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94Mi5pLmxlbmNyLm9yZy8wEwYDVR0gBAww +CjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gyLmMubGVuY3Iu +b3JnLzAKBggqhkjOPQQDAwNoADBlAjBgGMvAszhCd1BsRuMwGYCC0QCzf5d//MC5 +ASqIyswj3hGcoZREOKDKdvJPHhgdZr8CMQCWq4Kjl/RmuF49LBq9eP7oGWAc55w4 +G72FoKw5a9WywSwBzoJunrayTB8nDSjEhu8= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + aa:75:f1:e6:2b:8f:0a:22:09:66:d3:8b:bf:d4:ba:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E7 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:41:e8:04:93:08:58:7f:be:37:30:0c:c0:a0:41: + ea:fe:56:da:84:93:3e:c9:00:db:ab:67:12:cf:f9: + 4f:53:09:e8:a8:2f:ab:29:e5:9f:15:46:f4:5b:62: + 4e:0f:d4:83:41:99:b7:9f:40:72:45:1c:2c:5c:4a: + 32:a6:c2:db:c6:05:6a:65:ff:da:da:f0:75:b4:40: + 3b:14:68:95:b6:a8:e2:6a:71:e2:74:65:51:53:de: + 16:d4:1e:27:c1:33:fd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + AE:48:9E:DC:87:1D:44:A0:6F:DA:A2:E5:60:74:04:78:C2:9C:00:80 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 8f:1e:ba:7c:37:4b:93:9c:b0:16:7d:c2:cc:0d:70:d6:a7:f2: + 94:75:03:68:47:f4:41:9a:57:70:9b:1e:75:d2:46:49:f6:d4: + 50:eb:db:35:1f:4d:fd:04:35:e8:ad:65:5e:5e:15:17:28:66: + 19:70:d3:e4:a7:5f:72:bd:11:bc:82:15:ac:dc:45:87:89:6a: + 1e:d4:51:08:fe:91:05:1b:2d:a9:b6:76:cd:44:60:a9:a9:27: + fd:78:a9:d2:26:90:2f:42:1d:7c:70:59:af:7f:7a:16:09:27: + 9e:24:58:15:c9:0a:39:13:c6:c8:cd:d0:2a:77:7a:ea:0b:4c: + b2:df:08:e6:79:11:42:50:20:fc:96:fe:19:cd:de:80:8b:ee: + 18:a5:9b:a0:4d:46:f3:d3:53:b0:df:4b:4c:30:f7:3c:b8:f4: + 75:43:2b:38:8b:aa:56:32:c1:f2:91:02:eb:29:3d:7a:7a:e5: + ae:a8:d7:42:09:0b:11:88:57:ce:ae:dd:2d:a7:ef:e5:59:22: + 83:a1:a5:d2:7b:ae:aa:3a:9f:a7:44:35:6e:2d:68:c9:53:40: + 95:77:ba:69:45:f0:f7:60:9c:82:10:bd:6c:db:0a:10:ed:7e: + 33:9d:98:63:9f:a8:7c:85:e5:4b:f4:84:41:bb:d5:61:80:4b: + 67:9c:9e:8a:09:55:ea:dd:d2:33:a1:fe:bd:31:b4:68:ff:58: + 1f:32:e7:fc:a5:4e:1f:31:90:7d:70:cf:ee:a3:39:b6:47:fe: + ed:d8:99:7b:ba:36:7f:0e:8e:ec:8b:cd:e9:fb:10:5c:44:10: + 8f:c4:c9:51:72:71:bf:6f:ee:26:17:2e:cb:fb:52:0e:05:f0: + 1c:cf:14:93:7e:16:35:b4:53:ef:31:93:1a:44:11:5f:48:2c: + 6e:30:1e:6b:f8:d8:02:85:af:d1:9b:d0:47:0a:6a:3d:ee:fd: + 0f:f8:bb:09:ea:7c:a9:69:c0:fb:b0:04:ff:70:77:4b:fd:dd: + 10:46:26:73:49:69:7b:5d:fa:e8:0f:fa:18:48:24:de:4b:6b: + f4:f1:28:42:b2:c2:86:ce:88:b6:ed:f0:9c:d2:c1:d9:eb:82: + f0:82:86:2d:01:69:1a:d3:8e:ff:6f:e1:88:02:a3:c9:a8:da: + 04:fd:b9:c3:58:c5:d1:69:7c:05:ba:a7:7b:7b:99:da:ad:46: + c8:f1:49:61:19:93:ef:f3:97:a6:63:87:fc:55:4b:b7:04:be: + f2:78:35:70:09:a9:0a:e8:cf:c2:d7:89:64:d7:03:1b:4b:05: + da:7f:ec:73:4f:92:41:fe:3d:7d:dc:94:2b:4b:72:f9:55:30: + 16:3f:6d:99:6c:72:47:f3 +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAKp18eYrjwoiCWbTi7/UuqEwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARB6AST +CFh/vjcwDMCgQer+VtqEkz7JANurZxLP+U9TCeioL6sp5Z8VRvRbYk4P1INBmbef +QHJFHCxcSjKmwtvGBWpl/9ra8HW0QDsUaJW2qOJqceJ0ZVFT3hbUHifBM/2jgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSuSJ7chx1EoG/aouVgdAR4 +wpwAgDAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAjx66fDdLk5ywFn3CzA1w1qfylHUD +aEf0QZpXcJseddJGSfbUUOvbNR9N/QQ16K1lXl4VFyhmGXDT5Kdfcr0RvIIVrNxF +h4lqHtRRCP6RBRstqbZ2zURgqakn/Xip0iaQL0IdfHBZr396FgknniRYFckKORPG +yM3QKnd66gtMst8I5nkRQlAg/Jb+Gc3egIvuGKWboE1G89NTsN9LTDD3PLj0dUMr +OIuqVjLB8pEC6yk9enrlrqjXQgkLEYhXzq7dLafv5Vkig6Gl0nuuqjqfp0Q1bi1o +yVNAlXe6aUXw92CcghC9bNsKEO1+M52YY5+ofIXlS/SEQbvVYYBLZ5yeiglV6t3S +M6H+vTG0aP9YHzLn/KVOHzGQfXDP7qM5tkf+7diZe7o2fw6O7IvN6fsQXEQQj8TJ +UXJxv2/uJhcuy/tSDgXwHM8Uk34WNbRT7zGTGkQRX0gsbjAea/jYAoWv0ZvQRwpq +Pe79D/i7Cep8qWnA+7AE/3B3S/3dEEYmc0lpe1366A/6GEgk3ktr9PEoQrLChs6I +tu3wnNLB2euC8IKGLQFpGtOO/2/hiAKjyajaBP25w1jF0Wl8Bbqne3uZ2q1GyPFJ +YRmT7/OXpmOH/FVLtwS+8ng1cAmpCujPwteJZNcDG0sF2n/sc0+SQf49fdyUK0ty ++VUwFj9tmWxyR/M= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:8a:85:a2:c6:23:45:e0:a8:c4:52:53:87:9f:59:3a + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E7 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:41:e8:04:93:08:58:7f:be:37:30:0c:c0:a0:41: + ea:fe:56:da:84:93:3e:c9:00:db:ab:67:12:cf:f9: + 4f:53:09:e8:a8:2f:ab:29:e5:9f:15:46:f4:5b:62: + 4e:0f:d4:83:41:99:b7:9f:40:72:45:1c:2c:5c:4a: + 32:a6:c2:db:c6:05:6a:65:ff:da:da:f0:75:b4:40: + 3b:14:68:95:b6:a8:e2:6a:71:e2:74:65:51:53:de: + 16:d4:1e:27:c1:33:fd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + AE:48:9E:DC:87:1D:44:A0:6F:DA:A2:E5:60:74:04:78:C2:9C:00:80 + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + Signature Algorithm: ecdsa-with-SHA384 + 30:66:02:31:00:fd:ee:4d:fb:08:c0:93:de:39:72:96:85:c4: + 66:9e:30:2d:77:7f:2b:dd:6c:dc:d7:95:18:3d:1c:d7:44:97: + 18:b9:99:77:48:e1:ac:f6:0b:29:0d:53:4e:e2:17:0a:84:02: + 31:00:8a:13:c2:0e:4c:38:6f:50:6f:7c:b8:3c:54:d2:cb:b9: + a3:29:9f:54:5b:67:5e:bc:d9:c8:51:eb:33:51:0a:c7:b2:89: + ee:12:8f:24:c2:76:4b:ec:01:af:a8:99:04:9f +-----BEGIN CERTIFICATE----- +MIICtzCCAjygAwIBAgIRAMWKhaLGI0XgqMRSU4efWTowCgYIKoZIzj0EAwMwTzEL +MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo +IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjQwMzEzMDAwMDAwWhcN +MjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j +cnlwdDELMAkGA1UEAxMCRTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARB6ASTCFh/ +vjcwDMCgQer+VtqEkz7JANurZxLP+U9TCeioL6sp5Z8VRvRbYk4P1INBmbefQHJF +HCxcSjKmwtvGBWpl/9ra8HW0QDsUaJW2qOJqceJ0ZVFT3hbUHifBM/2jgfgwgfUw +DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAS +BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSuSJ7chx1EoG/aouVgdAR4wpwA +gDAfBgNVHSMEGDAWgBR8Qpau3ktIO/qS+J6Mz22LqXI3lTAyBggrBgEFBQcBAQQm +MCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94Mi5pLmxlbmNyLm9yZy8wEwYDVR0gBAww +CjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gyLmMubGVuY3Iu +b3JnLzAKBggqhkjOPQQDAwNpADBmAjEA/e5N+wjAk945cpaFxGaeMC13fyvdbNzX +lRg9HNdElxi5mXdI4az2CykNU07iFwqEAjEAihPCDkw4b1BvfLg8VNLLuaMpn1Rb +Z1682chR6zNRCseyie4SjyTCdkvsAa+omQSf +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 63:95:93:63:c2:4e:70:82:71:59:18:bf:c3:d7:ed:56 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E8 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d1:65:f2:5e:dc:4b:b4:0c:02:9c:d2:b2:fa:ee: + e9:6c:ab:3a:ae:38:a1:f4:d4:39:32:33:c5:42:d4: + cc:33:0c:34:c7:21:20:90:70:5c:e8:62:2f:1c:71: + b3:42:d7:79:be:46:0d:c1:db:47:a1:13:a0:c7:df: + 81:26:63:3b:d4:8d:1d:f6:3d:82:33:32:f6:f4:2b: + e7:f5:96:3a:b4:13:67:18:7b:6b:3e:8d:48:d9:ea: + de:ed:ae:6d:3e:87:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 8F:0D:13:A2:F6:2E:7E:D1:50:6C:33:18:38:5D:59:8E:23:72:91:CA + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 67:13:48:46:20:d2:ac:09:85:a2:d1:7c:75:ca:0c:43:e6:a8: + a1:12:36:74:44:8d:ed:4d:9c:f5:c2:e0:13:1f:76:70:60:f2: + 29:f7:b9:16:11:ac:9a:9c:3d:63:d1:c0:e1:21:8c:f2:e0:29: + 03:a3:68:c1:f0:3e:6d:d1:ae:b3:65:6c:e5:af:df:1d:01:01: + 4d:87:cb:8a:26:42:07:74:b4:a1:cb:e9:d4:c9:e6:71:73:96: + cd:78:ca:75:2e:ed:20:4b:31:38:31:ca:9f:98:d3:2f:22:97: + a2:c1:64:98:3b:dc:3c:d8:e6:fc:a2:db:d7:70:ed:89:51:88: + b7:b2:f1:c8:59:19:b7:fb:bd:3b:0d:46:cb:e7:55:cc:71:8d: + a2:65:d9:42:ab:85:9a:f6:76:ee:93:75:93:53:88:2b:e8:b6: + 3c:33:35:40:68:34:06:db:ee:14:dd:e2:7a:a9:41:75:d1:b0: + 67:47:5b:ae:57:20:d8:b3:d4:61:af:0b:9c:45:59:df:b8:38: + f6:f4:23:0b:4e:ca:65:33:97:f9:c1:25:79:85:4a:66:53:0a: + 7f:bd:5e:cc:e3:0e:1a:1a:e9:ed:ef:89:28:5f:bd:67:e0:47: + 5a:80:2b:0b:fd:89:39:fa:60:10:53:4f:ad:b9:ed:09:39:f0: + 15:fd:1e:ad:d6:4f:97:93:db:36:1c:c4:05:7a:8c:69:a5:fc: + c0:54:2d:38:15:d1:bd:33:e0:02:d8:95:b1:98:54:ad:e8:10: + ae:87:70:84:7b:2d:df:13:9d:90:ae:3f:58:33:be:6b:b6:f2: + 23:b2:6f:f5:1e:5f:ae:ff:f5:aa:c6:7b:b5:65:0e:23:a5:af: + 95:a6:e6:62:18:e9:56:ae:a4:8f:f5:ea:20:74:e8:42:1a:2b: + 27:c9:ec:16:27:04:50:3a:a2:b5:eb:08:86:c9:97:91:c6:cf: + c1:7a:4c:3a:e6:fc:12:21:a5:64:06:bb:8f:89:37:cc:3a:8d: + 19:87:88:15:6b:cf:ea:26:03:1b:25:bc:ab:c3:01:bd:ef:3f: + cf:46:09:8b:28:20:e5:f3:3d:dd:b4:0d:19:ee:aa:bb:7e:d6: + b4:1a:5d:b8:bb:2b:81:d3:97:6a:23:92:75:2e:f0:33:2a:e5: + 9d:22:34:f5:b4:ff:2a:0a:8c:52:13:fc:69:8b:1f:21:5f:67: + 6d:de:1f:bf:8e:e8:d4:80:53:c5:67:41:15:67:4c:52:c8:13: + 51:17:73:1b:a0:66:67:61:71:54:c6:93:63:4d:63:ca:a5:a8: + 03:1c:94:26:aa:b0:1c:0e:65:89:9c:cb:05:63:78:d2:bb:58: + a0:bf:73:9e:7e:75:a3:49 +-----BEGIN CERTIFICATE----- +MIIEVjCCAj6gAwIBAgIQY5WTY8JOcIJxWRi/w9ftVjANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa +Fw0yNzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF +bmNyeXB0MQswCQYDVQQDEwJFODB2MBAGByqGSM49AgEGBSuBBAAiA2IABNFl8l7c +S7QMApzSsvru6WyrOq44ofTUOTIzxULUzDMMNMchIJBwXOhiLxxxs0LXeb5GDcHb +R6EToMffgSZjO9SNHfY9gjMy9vQr5/WWOrQTZxh7az6NSNnq3u2ubT6HTKOB+DCB +9TAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI8NE6L2Ln7RUGwzGDhdWY4j +cpHKMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEB +BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzATBgNVHSAE +DDAKMAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5j +ci5vcmcvMA0GCSqGSIb3DQEBCwUAA4ICAQBnE0hGINKsCYWi0Xx1ygxD5qihEjZ0 +RI3tTZz1wuATH3ZwYPIp97kWEayanD1j0cDhIYzy4CkDo2jB8D5t0a6zZWzlr98d +AQFNh8uKJkIHdLShy+nUyeZxc5bNeMp1Lu0gSzE4McqfmNMvIpeiwWSYO9w82Ob8 +otvXcO2JUYi3svHIWRm3+707DUbL51XMcY2iZdlCq4Wa9nbuk3WTU4gr6LY8MzVA +aDQG2+4U3eJ6qUF10bBnR1uuVyDYs9RhrwucRVnfuDj29CMLTsplM5f5wSV5hUpm +Uwp/vV7M4w4aGunt74koX71n4EdagCsL/Yk5+mAQU0+tue0JOfAV/R6t1k+Xk9s2 +HMQFeoxppfzAVC04FdG9M+AC2JWxmFSt6BCuh3CEey3fE52Qrj9YM75rtvIjsm/1 +Hl+u//Wqxnu1ZQ4jpa+VpuZiGOlWrqSP9eogdOhCGisnyewWJwRQOqK16wiGyZeR +xs/Bekw65vwSIaVkBruPiTfMOo0Zh4gVa8/qJgMbJbyrwwG97z/PRgmLKCDl8z3d +tA0Z7qq7fta0Gl24uyuB05dqI5J1LvAzKuWdIjT1tP8qCoxSE/xpix8hX2dt3h+/ +jujUgFPFZ0EVZ0xSyBNRF3MboGZnYXFUxpNjTWPKpagDHJQmqrAcDmWJnMsFY3jS +u1igv3OefnWjSQ== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7e:8f:14:5f:87:b1:59:33:2d:7f:d4:08:2b:82:6b:69 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E8 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d1:65:f2:5e:dc:4b:b4:0c:02:9c:d2:b2:fa:ee: + e9:6c:ab:3a:ae:38:a1:f4:d4:39:32:33:c5:42:d4: + cc:33:0c:34:c7:21:20:90:70:5c:e8:62:2f:1c:71: + b3:42:d7:79:be:46:0d:c1:db:47:a1:13:a0:c7:df: + 81:26:63:3b:d4:8d:1d:f6:3d:82:33:32:f6:f4:2b: + e7:f5:96:3a:b4:13:67:18:7b:6b:3e:8d:48:d9:ea: + de:ed:ae:6d:3e:87:4c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 8F:0D:13:A2:F6:2E:7E:D1:50:6C:33:18:38:5D:59:8E:23:72:91:CA + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:31:00:a5:b1:43:49:75:7d:fa:18:4f:a8:db:20:df: + ec:bd:36:9b:73:f7:12:55:56:44:b9:6c:e5:9c:8b:60:f8:dc: + 35:a9:81:c5:10:7d:81:96:28:8f:6e:26:19:9b:4f:dc:69:02: + 30:04:99:70:02:e0:ea:4a:52:72:89:aa:20:88:d5:1d:74:54: + 43:9d:34:71:d9:78:e2:7e:df:87:1c:28:90:ba:3f:95:59:4e: + f1:8c:87:c0:08:bb:7a:34:c7:b6:fc:3d:56 +-----BEGIN CERTIFICATE----- +MIICtTCCAjugAwIBAgIQfo8UX4exWTMtf9QIK4JraTAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yNDAzMTMwMDAwMDBaFw0y +NzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy +eXB0MQswCQYDVQQDEwJFODB2MBAGByqGSM49AgEGBSuBBAAiA2IABNFl8l7cS7QM +ApzSsvru6WyrOq44ofTUOTIzxULUzDMMNMchIJBwXOhiLxxxs0LXeb5GDcHbR6ET +oMffgSZjO9SNHfY9gjMy9vQr5/WWOrQTZxh7az6NSNnq3u2ubT6HTKOB+DCB9TAO +BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG +A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI8NE6L2Ln7RUGwzGDhdWY4jcpHK +MB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzATBgNVHSAEDDAK +MAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5v +cmcvMAoGCCqGSM49BAMDA2gAMGUCMQClsUNJdX36GE+o2yDf7L02m3P3ElVWRLls +5ZyLYPjcNamBxRB9gZYoj24mGZtP3GkCMASZcALg6kpScomqIIjVHXRUQ500cdl4 +4n7fhxwokLo/lVlO8YyHwAi7ejTHtvw9Vg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:13:10:e0:90:d6:aa:ba:39:c5:b7:38:8b:de:dc:13 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E9 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a0:5c:dc:45:9f:3b:ac:e6:02:a9:58:49:5d:0c: + 15:3a:22:02:7c:e9:a6:8d:59:48:97:db:5c:68:e9: + ae:30:64:c9:d1:5b:60:17:a4:72:0a:e5:24:49:ad: + e7:bf:3b:47:83:f5:82:b6:cf:b6:07:77:a1:40:65: + 7e:83:33:58:78:a1:a6:35:d6:92:88:ef:95:c7:8c: + 99:46:2a:bd:56:d0:73:7f:69:08:3d:d1:89:88:c3: + 0a:be:d6:a6:e2:2a:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 5D:77:D1:4D:AC:4D:22:78:59:B2:86:59:8E:43:1C:B7:64:59:13:41 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 57:9c:b4:a5:73:41:9e:9e:cc:7d:97:09:70:1c:eb:a3:ea:06: + 9f:c1:21:c8:13:1e:00:84:f8:c3:e9:a3:0e:09:fb:8c:3f:98: + 84:9f:73:1b:d5:06:9d:4d:96:9f:43:4e:f9:49:64:28:d6:7a: + 63:67:26:87:e4:cd:4d:f1:c7:b0:1a:8d:bf:d9:f8:dc:cf:ed: + a3:a0:20:1e:5c:1c:53:01:b2:22:38:86:da:27:08:e0:79:45: + d0:00:5b:69:6f:b3:9f:7d:97:63:ed:f9:8d:e5:d0:29:95:6b: + 9a:bb:7b:2c:63:bb:e1:98:c7:c8:cf:13:16:ec:82:e3:d1:4c: + 23:f7:d0:06:b6:0e:98:42:6a:39:51:51:49:6c:bb:b8:d6:c4: + e9:2d:71:4f:e1:e7:88:e4:bf:9c:6e:c1:f1:80:c9:d7:68:70: + 7b:1b:55:a5:1e:d9:72:a7:68:83:95:fc:c7:75:1d:bc:18:17: + f4:e5:9b:5e:c7:f4:bf:93:01:4f:dd:35:03:e6:e7:54:a5:a1: + 99:ff:00:0c:f1:5c:f4:3e:71:12:d1:83:7d:3f:09:20:7f:3d: + 64:c4:13:b7:ec:4d:67:98:6b:45:f2:60:55:cc:1b:c6:02:25: + 4b:d8:07:e0:0e:7e:9e:68:ab:9e:ad:6a:db:b5:71:01:0a:9d: + 09:6b:03:dc:25:16:11:46:ed:de:96:9d:5f:aa:4b:e2:84:c2: + 81:c1:7c:00:e3:18:cc:e0:13:af:6c:60:cf:af:dc:e4:14:df: + 0d:4f:0b:cb:da:c3:ae:2c:34:65:5f:a6:55:e8:82:c9:de:e1: + 0c:b8:9d:7b:f1:bf:9f:53:29:ad:02:bb:1b:6d:2b:1b:70:25: + bc:c9:bf:79:83:2f:5c:a2:b4:ba:44:b0:8d:0f:c1:94:e7:e6: + a6:a4:dc:e0:37:1d:3e:3c:fe:d0:14:fe:3f:7a:a2:c2:eb:c0: + 89:34:e7:2d:6f:97:83:c1:b1:ac:98:5d:6f:ad:f9:6d:7a:76: + 14:df:be:65:7b:a1:59:20:b8:cf:f0:ee:bd:84:3d:c1:3e:b3: + 48:89:ef:15:96:ba:81:4a:20:e0:33:e6:45:fc:4e:2e:c1:c3: + 71:53:ad:ad:62:62:ac:f7:f5:99:c8:c2:40:47:4f:38:7e:41: + 30:5c:ec:37:db:6c:7a:38:2c:33:c9:e9:99:56:ad:e4:60:a1: + 60:d3:2f:e6:13:d3:58:53:c8:a3:06:45:01:07:7b:96:d4:00: + b8:6e:d1:82:39:2a:3d:72:71:33:f5:39:51:3b:51:ce:a3:b0: + cc:66:4b:ae:cf:92:b4:45:c6:a5:d0:b1:8b:2f:5d:5d:2a:c0: + 29:c3:04:89:2d:16:e1:ec +-----BEGIN CERTIFICATE----- +MIIEVjCCAj6gAwIBAgIQPxMQ4JDWqro5xbc4i97cEzANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa +Fw0yNzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF +bmNyeXB0MQswCQYDVQQDEwJFOTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKBc3EWf +O6zmAqlYSV0MFToiAnzppo1ZSJfbXGjprjBkydFbYBekcgrlJEmt5787R4P1grbP +tgd3oUBlfoMzWHihpjXWkojvlceMmUYqvVbQc39pCD3RiYjDCr7WpuIqc6OB+DCB +9TAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFF130U2sTSJ4WbKGWY5DHLdk +WRNBMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEB +BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzATBgNVHSAE +DDAKMAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5j +ci5vcmcvMA0GCSqGSIb3DQEBCwUAA4ICAQBXnLSlc0Gensx9lwlwHOuj6gafwSHI +Ex4AhPjD6aMOCfuMP5iEn3Mb1QadTZafQ075SWQo1npjZyaH5M1N8cewGo2/2fjc +z+2joCAeXBxTAbIiOIbaJwjgeUXQAFtpb7OffZdj7fmN5dAplWuau3ssY7vhmMfI +zxMW7ILj0Uwj99AGtg6YQmo5UVFJbLu41sTpLXFP4eeI5L+cbsHxgMnXaHB7G1Wl +Htlyp2iDlfzHdR28GBf05Ztex/S/kwFP3TUD5udUpaGZ/wAM8Vz0PnES0YN9Pwkg +fz1kxBO37E1nmGtF8mBVzBvGAiVL2AfgDn6eaKuerWrbtXEBCp0JawPcJRYRRu3e +lp1fqkvihMKBwXwA4xjM4BOvbGDPr9zkFN8NTwvL2sOuLDRlX6ZV6ILJ3uEMuJ17 +8b+fUymtArsbbSsbcCW8yb95gy9corS6RLCND8GU5+ampNzgNx0+PP7QFP4/eqLC +68CJNOctb5eDwbGsmF1vrfltenYU375le6FZILjP8O69hD3BPrNIie8VlrqBSiDg +M+ZF/E4uwcNxU62tYmKs9/WZyMJAR084fkEwXOw322x6OCwzyemZVq3kYKFg0y/m +E9NYU8ijBkUBB3uW1AC4btGCOSo9cnEz9TlRO1HOo7DMZkuuz5K0Rcal0LGLL11d +KsApwwSJLRbh7A== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:4c:37:d4:be:74:fc:42:33:88:c6:a8:40:4a:c0:22 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=E9 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a0:5c:dc:45:9f:3b:ac:e6:02:a9:58:49:5d:0c: + 15:3a:22:02:7c:e9:a6:8d:59:48:97:db:5c:68:e9: + ae:30:64:c9:d1:5b:60:17:a4:72:0a:e5:24:49:ad: + e7:bf:3b:47:83:f5:82:b6:cf:b6:07:77:a1:40:65: + 7e:83:33:58:78:a1:a6:35:d6:92:88:ef:95:c7:8c: + 99:46:2a:bd:56:d0:73:7f:69:08:3d:d1:89:88:c3: + 0a:be:d6:a6:e2:2a:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 5D:77:D1:4D:AC:4D:22:78:59:B2:86:59:8E:43:1C:B7:64:59:13:41 + X509v3 Authority Key Identifier: + keyid:7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + + Authority Information Access: + CA Issuers - URI:http://x2.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x2.c.lencr.org/ + + Signature Algorithm: ecdsa-with-SHA384 + 30:64:02:30:15:ac:0f:7a:1b:34:26:f2:c8:af:b0:98:0e:69: + 7a:09:7a:1b:85:44:20:40:33:2f:bc:0c:6f:36:ba:93:1e:0a: + ec:2b:c1:cd:a1:d0:c4:a9:7e:ae:81:70:39:10:7c:7e:02:30: + 4b:7e:2e:13:a8:06:8a:32:32:d0:2d:97:9f:eb:e3:78:2a:a7: + f3:16:62:92:1a:b6:5d:fd:71:49:80:ee:62:aa:56:f5:85:49: + d4:eb:b6:be:a9:b9:61:91:42:21:7f:a7 +-----BEGIN CERTIFICATE----- +MIICtDCCAjugAwIBAgIQL0w31L50/EIziMaoQErAIjAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yNDAzMTMwMDAwMDBaFw0y +NzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy +eXB0MQswCQYDVQQDEwJFOTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKBc3EWfO6zm +AqlYSV0MFToiAnzppo1ZSJfbXGjprjBkydFbYBekcgrlJEmt5787R4P1grbPtgd3 +oUBlfoMzWHihpjXWkojvlceMmUYqvVbQc39pCD3RiYjDCr7WpuIqc6OB+DCB9TAO +BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG +A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFF130U2sTSJ4WbKGWY5DHLdkWRNB +MB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzATBgNVHSAEDDAK +MAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5v +cmcvMAoGCCqGSM49BAMDA2cAMGQCMBWsD3obNCbyyK+wmA5pegl6G4VEIEAzL7wM +bza6kx4K7CvBzaHQxKl+roFwORB8fgIwS34uE6gGijIy0C2Xn+vjeCqn8xZikhq2 +Xf1xSYDuYqpW9YVJ1Ou2vqm5YZFCIX+n +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:a8:52:93:f7:9a:2f:a2:73:06:4b:a8:04:8d:75:d0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=R10 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cf:57:e5:e6:c4:54:12:ed:b4:47:fe:c9:27:58: + 76:46:50:28:8c:1d:3e:88:df:05:9d:d5:b5:18:29: + bd:dd:b5:5a:bf:fa:f6:ce:a3:be:af:00:21:4b:62: + 5a:5a:3c:01:2f:c5:58:03:f6:89:ff:8e:11:43:eb: + c1:b5:e0:14:07:96:8f:6f:1f:d7:e7:ba:81:39:09: + 75:65:b7:c2:af:18:5b:37:26:28:e7:a3:f4:07:2b: + 6d:1a:ff:ab:58:bc:95:ae:40:ff:e9:cb:57:c4:b5: + 5b:7f:78:0d:18:61:bc:17:e7:54:c6:bb:49:91:cd: + 6e:18:d1:80:85:ee:a6:65:36:bc:74:ea:bc:50:4c: + ea:fc:21:f3:38:16:93:94:ba:b0:d3:6b:38:06:cd: + 16:12:7a:ca:52:75:c8:ad:76:b2:c2:9c:5d:98:45: + 5c:6f:61:7b:c6:2d:ee:3c:13:52:86:01:d9:57:e6: + 38:1c:df:8d:b5:1f:92:91:9a:e7:4a:1c:cc:45:a8: + 72:55:f0:b0:e6:a3:07:ec:fd:a7:1b:66:9e:3f:48: + 8b:71:84:71:58:c9:3a:fa:ef:5e:f2:5b:44:2b:3c: + 74:e7:8f:b2:47:c1:07:6a:cd:9a:b7:0d:96:f7:12: + 81:26:51:54:0a:ec:61:f6:f7:f5:e2:f2:8a:c8:95: + 0d:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 92:b1:e7:41:37:eb:79:9d:81:e6:cd:e2:25:e1:3a:20:e9:90: + 44:95:a3:81:5c:cf:c3:5d:fd:bd:a0:70:d5:b1:96:28:22:0b: + d2:f2:28:cf:0c:e7:d4:e6:43:8c:24:22:1d:c1:42:92:d1:09: + af:9f:4b:f4:c8:70:4f:20:16:b1:5a:dd:01:f6:1f:f8:1f:61: + 6b:14:27:b0:72:8d:63:ae:ee:e2:ce:4b:cf:37:dd:bb:a3:d4: + cd:e7:ad:50:ad:bd:bf:e3:ec:3e:62:36:70:99:31:a7:e8:8d: + dd:ea:62:e2:12:ae:f5:9c:d4:3d:2c:0c:aa:d0:9c:79:be:ea: + 3d:5c:44:6e:96:31:63:5a:7d:d6:7e:4f:24:a0:4b:05:7f:5e: + 6f:d2:d4:ea:5f:33:4b:13:d6:57:b6:ca:de:51:b8:5d:a3:09: + 82:74:fd:c7:78:9e:b3:b9:ac:16:da:4a:2b:96:c3:b6:8b:62: + 8f:f9:74:19:a2:9e:03:de:e9:6f:9b:b0:0f:d2:a0:5a:f6:85: + 5c:c2:04:b7:c8:d5:4e:32:c4:bf:04:5d:bc:29:f6:f7:81:8f: + 0c:5d:3c:53:c9:40:90:8b:fb:b6:08:65:b9:a4:21:d5:09:e5: + 13:84:84:37:82:ce:10:28:fc:76:c2:06:25:7a:46:52:4d:da: + 53:72:a4:27:3f:62:70:ac:be:69:48:00:fb:67:0f:db:5b:a1: + e8:d7:03:21:2d:d7:c9:f6:99:42:39:83:43:df:77:0a:12:08: + f1:25:d6:ba:94:19:54:18:88:a5:c5:8e:e1:1a:99:93:79:6b: + ec:1c:f9:31:40:b0:cc:32:00:df:9f:5e:e7:b4:92:ab:90:82: + 91:8d:0d:e0:1e:95:ba:59:3b:2e:4b:5f:c2:b7:46:35:52:39: + 06:c0:bd:aa:ac:52:c1:22:a0:44:97:99:f7:0c:a0:21:a7:a1: + 6c:71:47:16:17:01:68:c0:ca:a6:26:65:04:7c:b3:ae:c9:e7: + 94:55:c2:6f:9b:3c:1c:a9:f9:2e:c5:20:1a:f0:76:e0:be:ec: + 18:d6:4f:d8:25:fb:76:11:e8:bf:e6:21:0f:e8:e8:cc:b5:b6: + a7:d5:b8:f7:9f:41:cf:61:22:46:6a:83:b6:68:97:2e:7c:ea: + 4e:95:db:23:eb:2e:c8:2b:28:84:a4:60:e9:49:f4:44:2e:3b: + f9:ca:62:57:01:e2:5d:90:16:f9:c9:fc:7a:23:48:8e:a6:d5: + 81:72:f1:28:fa:5d:ce:fb:ed:4e:73:8f:94:2e:d2:41:94:98: + 99:db:a7:af:70:5f:f5:be:fb:02:20:bf:66:27:6c:b4:ad:fa: + 75:12:0b:2b:3e:ce:03:9e +-----BEGIN CERTIFICATE----- +MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa +Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF +bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL +YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a +/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4 +FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR +mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3 +DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG +MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ +AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5 +tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG +Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD +VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B +AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo +zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd +u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9 +1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0 +GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh +1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ +QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N +4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz +rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei +RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx +KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8a:7d:3e:13:d6:2f:30:ef:23:86:bd:29:07:6b:34:f8 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=R11 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ba:87:bc:5c:1b:00:39:cb:ca:0a:cd:d4:67:10: + f9:01:3c:a5:4e:a5:61:cb:26:ca:52:fb:15:01:b7: + b9:28:f5:28:1e:ed:27:b3:24:18:39:67:09:0c:08: + ec:e0:3a:b0:3b:77:0e:bd:f3:e5:39:54:41:0c:4e: + ae:41:d6:99:74:de:51:db:ef:7b:ff:58:bd:a8:b7: + 13:f6:de:31:d5:f2:72:c9:72:6a:0b:83:74:95:9c: + 46:00:64:14:99:f3:b1:d9:22:d9:cd:a8:92:aa:1c: + 26:7a:3f:fe:ef:58:05:7b:08:95:81:db:71:0f:8e: + fb:e3:31:09:bb:09:be:50:4d:5f:8f:91:76:3d:5a: + 9d:9e:83:f2:e9:c4:66:b3:e1:06:66:43:48:18:80: + 65:a0:37:18:9a:9b:84:32:97:b1:b2:bd:c4:f8:15: + 00:9d:27:88:fb:e2:63:17:96:6c:9b:27:67:4b:c4: + db:28:5e:69:c2:79:f0:49:5c:e0:24:50:e1:c4:bc: + a1:05:ac:7b:40:6d:00:b4:c2:41:3f:a7:58:b8:2f: + c5:5c:9b:a5:bb:09:9e:f1:fe:eb:b0:85:39:fd:a8: + 0a:ef:45:c4:78:eb:65:2a:c2:cf:5f:3c:de:e3:5c: + 4d:1b:f7:0b:27:2b:aa:0b:42:77:53:4f:79:6a:1d: + 87:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 4e:e2:89:5d:0a:03:1c:90:38:d0:f5:1f:f9:71:5c:f8:c3:8f: + b2:37:88:7a:6f:b0:25:1f:ed:be:b7:d8:86:06:8e:e9:09:84: + cd:72:bf:81:f3:fc:ca:cf:53:48:ed:bd:f6:69:42:d4:a5:11: + 3e:35:c8:13:b2:92:1d:05:5f:ea:2e:d4:d8:f8:49:c3:ad:f5: + 99:96:9c:ef:26:d8:e1:b4:24:0b:48:20:4d:fc:d3:54:b4:a9: + c6:21:c8:e1:36:1b:ff:77:64:29:17:b9:f0:4b:ef:5d:ea:cd: + 79:d0:bf:90:bf:be:23:b2:90:da:4a:a9:48:31:74:a9:44:0b: + e1:e2:f6:2d:83:71:a4:75:7b:d2:94:c1:05:19:46:1c:b9:8f: + f3:c4:74:48:25:2a:0d:e5:f5:db:43:e2:db:93:9b:b9:19:b4: + 1f:2f:df:6a:0e:8f:31:d3:63:0f:bb:29:dc:dd:66:2c:3f:b0: + 1b:67:51:f8:41:3c:e4:4d:b9:ac:b8:a4:9c:66:63:f5:ab:85: + 23:1d:cc:53:b6:ab:71:ae:dc:c5:01:71:da:36:ee:0a:18:2a: + 32:fd:09:31:7c:8f:f6:73:e7:9c:9c:b5:4a:15:6a:77:82:5a: + cf:da:8d:45:fe:1f:2a:64:05:30:3e:73:c2:c6:0c:b9:d6:3b: + 63:4a:ab:46:03:fe:99:c0:46:40:27:60:63:df:50:3a:07:47: + d8:15:4a:9f:ea:47:1f:99:5a:08:62:0c:b6:6c:33:08:4d:d7: + 38:ed:48:2d:2e:05:68:ae:80:5d:ef:4c:dc:d8:20:41:5f:68: + f1:bb:5a:cd:e3:0e:b0:0c:31:87:9b:43:de:49:43:e1:c8:04: + 3f:d1:3c:1b:87:45:30:69:a8:a9:72:0e:79:12:1c:31:d8:3e: + 23:57:dd:a7:4f:a0:f0:1c:81:d1:77:1f:6f:d6:d2:b9:a8:b3: + 03:16:81:39:4b:9f:55:ae:d2:6a:e4:b3:bf:ea:a5:d5:9f:4b: + a3:c9:d6:3b:72:f3:4a:f6:54:ab:0c:fc:38:f7:60:80:df:6e: + 35:ca:75:a1:54:e4:2f:bc:6e:17:c9:1a:a5:37:b5:a2:9a:ba: + ec:f4:c0:75:46:4f:77:a8:e8:59:56:91:66:2d:6e:de:29:81: + d6:a6:97:05:5e:64:45:be:2c:ce:ea:64:42:44:b0:c3:4f:ad: + f0:b4:dc:03:ca:99:9b:09:82:95:82:0d:63:8a:66:f9:19:72: + f8:d5:b9:89:10:e2:89:98:09:35:f9:a2:1c:be:92:73:23:74: + e9:9d:1f:d7:3b:4a:9a:84:58:10:c2:f3:a7:e2:35:ec:7e:3b: + 45:ce:30:46:52:6b:c0:c0 +-----BEGIN CERTIFICATE----- +MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDEMMAoGA1UEAxMDUjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuoe8XBsAOcvKCs3UZxD5ATylTqVhyybKUvsVAbe5KPUoHu0nsyQYOWcJ +DAjs4DqwO3cOvfPlOVRBDE6uQdaZdN5R2+97/1i9qLcT9t4x1fJyyXJqC4N0lZxG +AGQUmfOx2SLZzaiSqhwmej/+71gFewiVgdtxD4774zEJuwm+UE1fj5F2PVqdnoPy +6cRms+EGZkNIGIBloDcYmpuEMpexsr3E+BUAnSeI++JjF5ZsmydnS8TbKF5pwnnw +SVzgJFDhxLyhBax7QG0AtMJBP6dYuC/FXJuluwme8f7rsIU5/agK70XEeOtlKsLP +Xzze41xNG/cLJyuqC0J3U095ah2H2QIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUxc9GpOr0w8B6bJXELbBeki8m47kwHwYDVR0jBBgwFoAU +ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC +hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG +A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN +AQELBQADggIBAE7iiV0KAxyQOND1H/lxXPjDj7I3iHpvsCUf7b632IYGjukJhM1y +v4Hz/MrPU0jtvfZpQtSlET41yBOykh0FX+ou1Nj4ScOt9ZmWnO8m2OG0JAtIIE38 +01S0qcYhyOE2G/93ZCkXufBL713qzXnQv5C/viOykNpKqUgxdKlEC+Hi9i2DcaR1 +e9KUwQUZRhy5j/PEdEglKg3l9dtD4tuTm7kZtB8v32oOjzHTYw+7KdzdZiw/sBtn +UfhBPORNuay4pJxmY/WrhSMdzFO2q3Gu3MUBcdo27goYKjL9CTF8j/Zz55yctUoV +aneCWs/ajUX+HypkBTA+c8LGDLnWO2NKq0YD/pnARkAnYGPfUDoHR9gVSp/qRx+Z +WghiDLZsMwhN1zjtSC0uBWiugF3vTNzYIEFfaPG7Ws3jDrAMMYebQ95JQ+HIBD/R +PBuHRTBpqKlyDnkSHDHYPiNX3adPoPAcgdF3H2/W0rmoswMWgTlLn1Wu0mrks7/q +pdWfS6PJ1jty80r2VKsM/Dj3YIDfbjXKdaFU5C+8bhfJGqU3taKauuz0wHVGT3eo +6FlWkWYtbt4pgdamlwVeZEW+LM7qZEJEsMNPrfC03APKmZsJgpWCDWOKZvkZcvjV +uYkQ4omYCTX5ohy+knMjdOmdH9c7SpqEWBDC86fiNex+O0XOMEZSa8DA +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c2:12:32:4b:70:a9:b4:91:71:dc:40:f7:e2:85:26:3c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=R12 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:da:98:28:74:ad:be:94:fe:3b:e0:1e:e2:e5:4b: + 75:ab:2c:12:7f:ed:a7:03:32:7e:36:97:ec:e8:31: + 8f:a5:13:8d:0b:99:2e:1e:cd:01:51:3d:4c:e5:28: + 6e:09:55:31:aa:a5:22:5d:72:f4:2d:07:c2:4d:40: + 3c:df:01:23:b9:78:37:f5:1a:65:32:34:e6:86:71: + 9d:04:ef:84:08:5b:bd:02:1a:99:eb:a6:01:00:9a: + 73:90:6d:8f:a2:07:a0:d0:97:d3:da:45:61:81:35: + 3d:14:f9:c4:c0:5f:6a:dc:0b:96:1a:b0:9f:e3:2a: + ea:bd:2a:d6:98:c7:9b:71:ab:3b:74:0f:3c:db:b2: + 60:be:5a:4b:4e:18:e9:db:2a:73:5c:89:61:65:9e: + fe:ed:3c:a6:cb:4e:6f:e4:9e:f9:00:46:b3:ff:19: + 4d:2a:63:b3:8e:66:c6:18:85:70:c7:50:65:6f:3b: + 74:e5:48:83:0f:08:58:5d:2d:23:9d:5e:a3:fe:e8: + db:00:a1:d2:f4:e3:19:4d:f2:ee:7a:f6:27:9e:e5: + cd:9c:2d:a2:f2:7f:9c:17:ad:ef:13:37:39:d1:b4: + c8:2c:41:d6:86:c0:e9:ec:21:f8:59:1b:7f:b9:3a: + 7c:9f:5c:01:9d:62:04:c2:28:bd:0a:ad:3c:ca:10: + ec:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 8f:75:d0:09:cf:6a:76:48:65:32:92:de:b5:44:c8:85:76:f4: + 15:84:8c:02:bf:76:eb:b3:f1:e2:f9:6e:84:a8:56:91:e1:92: + 4b:f7:e1:ea:00:78:48:8f:75:92:e3:e4:46:7b:1b:60:2b:20: + af:a0:ce:14:e5:45:0d:6a:e0:52:86:a4:f3:da:14:14:a9:a9: + 5f:f1:6d:46:f9:52:50:17:40:e9:e4:1e:7d:e6:15:58:fe:a9: + 8b:fc:ef:f5:9e:63:e0:66:e2:c3:77:3b:1f:01:87:26:94:ed: + 40:10:dc:b7:99:ec:dd:57:d3:5c:71:41:ee:30:20:00:04:dc: + 95:4b:50:28:87:99:92:fe:aa:80:94:b6:06:08:14:f8:1c:83: + 7e:74:40:c5:08:5a:0c:4f:5c:d1:84:9d:c4:fd:db:59:de:ee: + 79:6e:23:4d:95:f2:92:d4:98:29:6a:5c:eb:02:c1:42:f0:f8: + f5:4e:64:20:7b:a8:e3:31:c4:c0:68:09:47:8b:d8:b9:78:a0: + ca:4e:4a:be:69:24:2a:4b:37:7b:51:03:6b:3a:3f:52:8b:b3: + d4:d2:ad:58:4e:93:ee:cb:5f:6f:0d:31:49:48:ba:c4:3f:9f: + 12:c9:20:3d:11:84:07:85:b4:f8:f2:38:23:ac:71:00:40:e7: + 7f:8d:46:34:82:6a:4e:cf:e0:0e:63:5f:ba:69:9a:47:09:10: + 22:fe:4b:48:b7:91:75:54:cb:93:1e:e4:16:eb:53:cf:7b:de: + 36:4d:bf:f6:b1:eb:e6:4a:e9:33:3c:8d:69:a2:98:be:a8:7f: + a3:ab:5f:b6:54:e8:4d:96:a9:ac:f3:b0:5a:cb:1b:7a:36:93: + 24:9b:ce:58:52:80:9f:35:0a:5e:2d:bf:74:9b:62:26:17:9c: + 91:31:29:0b:f3:7f:cd:c3:62:8b:68:c7:77:f4:7f:0b:fb:c6: + 59:f5:03:66:4b:a6:50:9b:d0:ef:a5:fc:02:b4:60:4d:03:4b: + 61:4f:c5:20:07:8b:48:b0:31:f5:b6:9c:d1:c9:ad:77:18:dc: + b2:c7:0f:be:e0:46:08:de:e0:4b:de:b9:b8:b6:c7:16:be:36: + 69:3f:86:68:4b:74:81:13:89:50:c5:6a:7a:02:ac:c5:48:a5: + 0e:7d:5d:61:e4:cd:d1:66:a0:75:c7:05:5e:e8:89:b5:63:19: + 23:bb:50:b4:90:ec:c2:75:37:3e:75:a6:1b:83:25:28:00:21: + 4e:c0:d3:3a:cb:9c:ea:c0:8f:f7:5f:ae:51:16:46:10:af:02: + 06:ee:c0:b6:57:d4:0d:ac:8c:d8:d7:a0:f3:87:6e:c3:e2:cb: + e9:4e:d4:a1:7c:fd:76:3b +-----BEGIN CERTIFICATE----- +MIIFBjCCAu6gAwIBAgIRAMISMktwqbSRcdxA9+KFJjwwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDEMMAoGA1UEAxMDUjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA2pgodK2+lP474B7i5Ut1qywSf+2nAzJ+Npfs6DGPpRONC5kuHs0BUT1M +5ShuCVUxqqUiXXL0LQfCTUA83wEjuXg39RplMjTmhnGdBO+ECFu9AhqZ66YBAJpz +kG2Pogeg0JfT2kVhgTU9FPnEwF9q3AuWGrCf4yrqvSrWmMebcas7dA8827JgvlpL +Thjp2ypzXIlhZZ7+7Tymy05v5J75AEaz/xlNKmOzjmbGGIVwx1Blbzt05UiDDwhY +XS0jnV6j/ujbAKHS9OMZTfLuevYnnuXNnC2i8n+cF63vEzc50bTILEHWhsDp7CH4 +WRt/uTp8n1wBnWIEwii9Cq08yhDsGwIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUALUp8i2ObzHom0yteD763OkM0dIwHwYDVR0jBBgwFoAU +ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC +hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG +A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN +AQELBQADggIBAI910AnPanZIZTKS3rVEyIV29BWEjAK/duuz8eL5boSoVpHhkkv3 +4eoAeEiPdZLj5EZ7G2ArIK+gzhTlRQ1q4FKGpPPaFBSpqV/xbUb5UlAXQOnkHn3m +FVj+qYv87/WeY+Bm4sN3Ox8BhyaU7UAQ3LeZ7N1X01xxQe4wIAAE3JVLUCiHmZL+ +qoCUtgYIFPgcg350QMUIWgxPXNGEncT921ne7nluI02V8pLUmClqXOsCwULw+PVO +ZCB7qOMxxMBoCUeL2Ll4oMpOSr5pJCpLN3tRA2s6P1KLs9TSrVhOk+7LX28NMUlI +usQ/nxLJID0RhAeFtPjyOCOscQBA53+NRjSCak7P4A5jX7ppmkcJECL+S0i3kXVU +y5Me5BbrU8973jZNv/ax6+ZK6TM8jWmimL6of6OrX7ZU6E2WqazzsFrLG3o2kySb +zlhSgJ81Cl4tv3SbYiYXnJExKQvzf83DYotox3f0fwv7xln1A2ZLplCb0O+l/AK0 +YE0DS2FPxSAHi0iwMfW2nNHJrXcY3LLHD77gRgje4Eveubi2xxa+Nmk/hmhLdIET +iVDFanoCrMVIpQ59XWHkzdFmoHXHBV7oibVjGSO7ULSQ7MJ1Nz51phuDJSgAIU7A +0zrLnOrAj/dfrlEWRhCvAgbuwLZX1A2sjNjXoPOHbsPiy+lO1KF8/XY7 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5a:00:f2:12:d8:d4:b4:80:f3:92:41:57:ea:29:83:05 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=R13 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a5:67:70:8d:d0:56:81:64:15:17:61:cd:b9:06: + d4:ad:19:90:8c:26:50:37:98:16:63:92:54:db:d9: + cc:84:05:93:ec:d3:ec:08:1b:a0:60:51:43:48:7d: + 2b:c7:48:96:9e:b4:2d:da:9d:c8:27:3b:57:a1:9f: + ab:f0:d6:0e:d4:0e:30:ca:6f:9b:b1:d1:d6:a4:9d: + 32:3e:58:4e:35:6f:45:58:68:71:17:fc:3e:d8:5d: + 82:a0:2f:b2:51:6c:b0:1a:5d:b8:59:ce:35:65:c8: + 8b:a1:af:10:37:ff:e3:9c:5d:c2:49:17:34:ff:8c: + 2b:8b:8d:f0:bc:71:2c:93:0c:1d:05:c4:ba:c7:cd: + aa:c9:5e:7c:d1:c9:01:f7:9c:03:f6:fc:0a:5d:f4: + da:7b:e6:db:76:42:70:eb:f4:4d:22:da:00:77:6f: + d6:c9:5f:17:fd:da:75:2e:a5:57:0c:f6:ea:5c:b6: + e0:73:a5:68:cf:a1:74:e2:75:82:7e:10:9f:c1:f5: + a2:eb:01:e9:38:b1:0a:44:cc:d3:c2:89:f5:49:35: + 82:0a:34:b3:1c:e9:88:c2:47:4e:82:0e:0a:36:f0: + 47:4f:8a:f1:29:04:75:da:cd:e1:9a:5c:ff:5e:9d: + 98:95:ba:9a:43:d0:4a:a2:17:05:01:04:30:d3:32: + b3:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 51:37:58:52:a1:22:9b:35:bb:4d:ba:ce:ca:92:ea:09:f2:fb: + 54:ec:18:7f:f4:3b:f4:e1:f9:70:72:c2:65:e8:20:7d:08:43: + 72:89:e5:93:b2:a0:87:c6:f4:be:2f:bf:5e:e5:ae:ec:23:7c: + 9f:f5:0f:7a:0d:6f:a3:71:be:b5:a5:e2:ae:bc:ad:b6:14:22: + 9c:01:c6:c1:cf:d4:75:b3:b2:80:96:bd:ce:e0:5c:57:2a:a8: + 1f:70:97:4d:70:c8:9d:3f:bc:6b:e7:37:68:45:4c:27:64:ad: + fa:94:a7:e1:e7:7e:5a:40:e9:f2:28:ec:8a:3b:c4:c8:5c:04: + e3:b8:6e:95:6d:0b:b7:38:e0:f5:f3:95:e4:f9:ab:83:fc:f1: + 59:b4:6e:2f:e9:34:0c:10:c7:10:97:a7:9c:2b:00:7a:7e:dc: + df:93:e6:c7:b8:e9:98:9f:c7:b6:04:61:72:7c:f4:ca:34:81: + bf:22:30:e8:bd:50:22:ea:64:0a:fd:92:04:e0:d3:ff:10:c3: + de:07:d0:43:22:af:ea:ba:15:e0:6d:84:85:f1:32:02:c5:a9: + 9a:88:f1:8c:25:02:1a:2c:a0:f7:b1:6f:0e:d9:bf:34:ad:8b: + 49:cf:65:c9:b2:b1:07:bd:c8:db:e3:f6:1b:70:9a:5a:9b:ef: + a4:08:87:09:5b:b7:d2:35:bc:18:2c:4a:75:f8:6c:5e:d9:c8: + cb:68:a6:b2:44:2a:55:9d:a6:d0:f9:b1:a1:b6:f6:f1:3b:9c: + af:bc:41:2b:b0:ad:c2:f3:eb:6f:bf:68:b3:bb:b6:5c:fd:ce: + e5:ff:5b:fc:7e:ba:18:dc:91:ae:09:51:5e:5a:d8:8c:8d:68: + 19:82:ff:7f:82:35:9f:f4:a0:ba:c7:5a:e9:6b:c0:e8:2d:7d: + d2:4c:63:53:5e:58:d7:69:87:53:8f:81:c7:24:7d:73:1d:a1: + 84:64:bd:7c:08:cc:64:a2:6c:b3:6f:2a:c6:fc:fa:03:1b:b8: + 09:a0:e6:44:d6:69:2b:fa:50:ad:71:75:ef:25:c2:5e:49:84: + 5a:0b:d2:38:46:72:e9:9f:69:71:b2:c8:54:41:9c:91:5f:e2: + 55:ea:b4:00:ea:36:a6:48:3d:a7:84:11:23:2d:2d:2b:67:62: + 44:43:4b:48:5d:8a:ca:c1:70:6d:8e:81:db:a0:45:78:5b:37: + bf:5b:18:55:18:45:5b:d9:cb:90:ea:d0:56:9a:2b:09:2d:0a: + c9:99:9f:c1:50:fc:f6:a4:93:96:77:2d:2d:c6:67:21:ab:e3: + 2a:c2:94:bb:59:c0:d6:25:34:c9:83:1d:61:ea:4a:47:b9:56: + 6e:7c:21:77:1d:de:c2:89 +-----BEGIN CERTIFICATE----- +MIIFBTCCAu2gAwIBAgIQWgDyEtjUtIDzkkFX6imDBTANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa +Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF +bmNyeXB0MQwwCgYDVQQDEwNSMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQClZ3CN0FaBZBUXYc25BtStGZCMJlA3mBZjklTb2cyEBZPs0+wIG6BgUUNI +fSvHSJaetC3ancgnO1ehn6vw1g7UDjDKb5ux0daknTI+WE41b0VYaHEX/D7YXYKg +L7JRbLAaXbhZzjVlyIuhrxA3/+OcXcJJFzT/jCuLjfC8cSyTDB0FxLrHzarJXnzR +yQH3nAP2/Apd9Np75tt2QnDr9E0i2gB3b9bJXxf92nUupVcM9upctuBzpWjPoXTi +dYJ+EJ/B9aLrAek4sQpEzNPCifVJNYIKNLMc6YjCR06CDgo28EdPivEpBHXazeGa +XP9enZiVuppD0EqiFwUBBDDTMrOPAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG +MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ +AgEAMB0GA1UdDgQWBBTnq58PLDOgU9NeT3jIsoQOO9aSMzAfBgNVHSMEGDAWgBR5 +tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG +Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD +VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B +AQsFAAOCAgEAUTdYUqEimzW7TbrOypLqCfL7VOwYf/Q79OH5cHLCZeggfQhDconl +k7Kgh8b0vi+/XuWu7CN8n/UPeg1vo3G+taXirrytthQinAHGwc/UdbOygJa9zuBc +VyqoH3CXTXDInT+8a+c3aEVMJ2St+pSn4ed+WkDp8ijsijvEyFwE47hulW0Ltzjg +9fOV5Pmrg/zxWbRuL+k0DBDHEJennCsAen7c35Pmx7jpmJ/HtgRhcnz0yjSBvyIw +6L1QIupkCv2SBODT/xDD3gfQQyKv6roV4G2EhfEyAsWpmojxjCUCGiyg97FvDtm/ +NK2LSc9lybKxB73I2+P2G3CaWpvvpAiHCVu30jW8GCxKdfhsXtnIy2imskQqVZ2m +0Pmxobb28Tucr7xBK7CtwvPrb79os7u2XP3O5f9b/H66GNyRrglRXlrYjI1oGYL/ +f4I1n/Sgusda6WvA6C190kxjU15Y12mHU4+BxyR9cx2hhGS9fAjMZKJss28qxvz6 +Axu4CaDmRNZpK/pQrXF17yXCXkmEWgvSOEZy6Z9pcbLIVEGckV/iVeq0AOo2pkg9 +p4QRIy0tK2diRENLSF2KysFwbY6B26BFeFs3v1sYVRhFW9nLkOrQVporCS0KyZmf +wVD89qSTlnctLcZnIavjKsKUu1nA1iU0yYMdYepKR7lWbnwhdx3ewok= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + be:f3:73:78:a8:70:2a:9e:c0:a4:7a:b9:21:a5:06:ab + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Mar 13 00:00:00 2024 GMT + Not After : Mar 12 23:59:59 2027 GMT + Subject: C=US, O=Let's Encrypt, CN=R14 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:cd:68:54:6c:99:2f:d4:c4:df:14:5e:e2:84:bc: + a5:a7:98:da:8a:d5:d5:9e:0e:b2:11:ea:ee:13:bd: + 7f:73:44:cb:ab:f6:d9:e3:7f:0f:2e:23:cd:af:72: + 35:aa:9e:ba:1d:aa:8e:00:d6:d0:e8:44:e0:d1:28: + ee:05:b5:a7:83:b5:4b:1c:6e:0c:d6:f4:27:c7:8d: + 04:c9:76:f8:32:7a:9e:8b:02:2e:71:bc:9f:12:b6: + ac:19:f4:ec:4b:b1:34:ba:50:bb:b8:9d:c6:f3:43: + 9e:00:64:25:ef:a4:6f:ab:fa:8e:60:e4:7c:9f:d5: + 68:7d:97:db:48:a8:90:90:78:d4:13:8c:8f:d7:c6: + 0a:b9:be:c4:cb:c2:f4:8b:bf:96:89:b6:5d:ec:e6: + 0b:b5:c1:83:c5:9c:20:af:9e:ab:e6:24:98:49:51: + 65:e9:ce:22:86:8a:76:23:cd:60:d8:19:01:18:f6: + 0b:ca:00:d2:92:d5:56:57:3d:7f:72:78:c7:1f:eb: + bb:b9:bb:79:86:19:70:fc:6c:2c:39:a2:5f:22:3a: + c5:87:0d:ca:69:f4:09:ca:f2:71:6a:7a:5f:09:24: + 93:4a:1c:d1:f7:08:4b:4d:22:95:94:7d:80:d7:be: + b5:74:76:9c:79:69:01:46:a7:15:dc:79:2e:14:81: + 88:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + E5:10:95:D8:B6:0C:51:D7:A7:72:35:63:0A:54:68:6E:06:53:F8:FB + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + Signature Algorithm: sha256WithRSAEncryption + 20:37:2e:d1:57:1f:c7:90:5c:ba:2f:3c:6c:e9:ed:cd:97:13: + 4f:e3:98:4a:7b:b6:89:22:79:cb:92:74:77:c8:52:83:0c:60: + b8:c8:4e:90:8d:6e:2f:76:0b:3a:7e:aa:b6:8b:9a:9d:1e:2f: + 2e:90:10:4e:70:9e:f3:1e:e5:ff:5f:80:4d:b8:ca:4f:04:a6: + c2:f0:d0:91:2b:f4:bf:2d:a9:65:17:0b:52:a9:8e:c4:f7:c9: + d8:5b:59:1e:f4:8b:88:04:94:1b:d7:9e:31:89:73:a1:e7:53: + cd:2f:7a:a0:01:1c:43:94:f1:3b:80:57:07:ab:06:a1:f8:ef: + d6:4b:65:25:fe:7b:30:1f:9f:d4:1c:62:25:3d:af:c9:15:31: + b7:92:a1:28:90:63:7f:4b:e9:02:bf:df:0e:25:98:c6:7d:5e: + 81:8c:fb:d6:21:26:57:48:6e:90:4d:82:29:28:36:07:0e:a7: + 7c:9a:43:1b:1f:b0:4e:a2:c6:30:59:fc:6e:8e:49:d8:bb:29: + 8e:35:6b:f4:1d:cd:e2:22:4b:2e:1d:0d:5f:11:e2:96:05:f4: + 51:21:a2:0a:54:fd:3f:df:0f:db:44:ee:01:0e:f3:5b:c6:2c: + ec:a1:51:29:48:d8:4c:ec:25:e1:f4:94:0b:7d:34:83:79:08: + fb:5c:a2:88:fd:65:5d:e0:92:e6:30:85:03:1d:86:20:4c:fe: + 08:88:d4:25:fe:dc:95:21:c3:ac:ca:c1:7a:f7:12:38:98:e0: + 49:b0:d7:65:3a:00:26:8c:48:9c:45:c5:a9:2d:d7:38:e6:06: + 7f:c3:36:0c:74:ac:fe:16:c9:e4:89:ad:ec:2b:42:c6:23:5b: + d5:2c:6e:93:bb:18:6a:db:00:3c:bb:d9:ec:62:6e:aa:d4:2d: + 4d:c7:a7:f3:d6:1d:d5:e7:fa:3d:dd:2b:07:94:e5:92:f9:96: + 2e:bb:72:4a:9f:d6:2c:6a:42:da:10:bb:28:db:17:8f:9f:95: + b7:14:ec:07:47:62:73:47:35:41:cc:cf:94:d6:5d:82:96:3f: + a7:c5:93:d3:d2:82:04:bc:0e:66:2d:62:8c:cd:de:7a:51:48: + 21:d3:0b:9e:91:c5:af:35:02:97:43:f4:06:f4:74:5e:df:3a: + f9:67:9a:78:86:c5:fa:82:45:28:7f:44:c1:86:11:a4:f1:74: + 07:e1:a7:f9:bf:c9:a4:78:c6:d9:bc:55:30:27:f1:de:b9:87: + fd:c3:7c:a3:86:67:7e:14:9e:f6:66:27:f6:c7:aa:75:38:ce: + 42:d6:73:9d:62:0b:58:bd:38:84:16:ce:87:8f:2b:aa:8d:3d: + 4a:bb:93:ea:0a:50:c4:a3 +-----BEGIN CERTIFICATE----- +MIIFBjCCAu6gAwIBAgIRAL7zc3iocCqewKR6uSGlBqswDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDEMMAoGA1UEAxMDUjE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAzWhUbJkv1MTfFF7ihLylp5jaitXVng6yEeruE71/c0TLq/bZ438PLiPN +r3I1qp66HaqOANbQ6ETg0SjuBbWng7VLHG4M1vQnx40EyXb4MnqeiwIucbyfEras +GfTsS7E0ulC7uJ3G80OeAGQl76Rvq/qOYOR8n9VofZfbSKiQkHjUE4yP18YKub7E +y8L0i7+WibZd7OYLtcGDxZwgr56r5iSYSVFl6c4ihop2I81g2BkBGPYLygDSktVW +Vz1/cnjHH+u7ubt5hhlw/GwsOaJfIjrFhw3KafQJyvJxanpfCSSTShzR9whLTSKV +lH2A1761dHaceWkBRqcV3HkuFIGIlQIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQU5RCV2LYMUdencjVjClRobgZT+PswHwYDVR0jBBgwFoAU +ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC +hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG +A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN +AQELBQADggIBACA3LtFXH8eQXLovPGzp7c2XE0/jmEp7tokiecuSdHfIUoMMYLjI +TpCNbi92Czp+qraLmp0eLy6QEE5wnvMe5f9fgE24yk8EpsLw0JEr9L8tqWUXC1Kp +jsT3ydhbWR70i4gElBvXnjGJc6HnU80veqABHEOU8TuAVwerBqH479ZLZSX+ezAf +n9QcYiU9r8kVMbeSoSiQY39L6QK/3w4lmMZ9XoGM+9YhJldIbpBNgikoNgcOp3ya +QxsfsE6ixjBZ/G6OSdi7KY41a/QdzeIiSy4dDV8R4pYF9FEhogpU/T/fD9tE7gEO +81vGLOyhUSlI2EzsJeH0lAt9NIN5CPtcooj9ZV3gkuYwhQMdhiBM/giI1CX+3JUh +w6zKwXr3EjiY4Emw12U6ACaMSJxFxakt1zjmBn/DNgx0rP4WyeSJrewrQsYjW9Us +bpO7GGrbADy72exibqrULU3Hp/PWHdXn+j3dKweU5ZL5li67ckqf1ixqQtoQuyjb +F4+flbcU7AdHYnNHNUHMz5TWXYKWP6fFk9PSggS8DmYtYozN3npRSCHTC56Rxa81 +ApdD9Ab0dF7fOvlnmniGxfqCRSh/RMGGEaTxdAfhp/m/yaR4xtm8VTAn8d65h/3D +fKOGZ34UnvZmJ/bHqnU4zkLWc51iC1i9OIQWzoePK6qNPUq7k+oKUMSj +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 91:2b:08:4a:cf:0c:18:a7:53:f6:d6:2e:25:a7:5f:5a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 15 16:00:00 2025 GMT + Subject: C=US, O=Let's Encrypt, CN=R3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bb:02:15:28:cc:f6:a0:94:d3:0f:12:ec:8d:55: + 92:c3:f8:82:f1:99:a6:7a:42:88:a7:5d:26:aa:b5: + 2b:b9:c5:4c:b1:af:8e:6b:f9:75:c8:a3:d7:0f:47: + 94:14:55:35:57:8c:9e:a8:a2:39:19:f5:82:3c:42: + a9:4e:6e:f5:3b:c3:2e:db:8d:c0:b0:5c:f3:59:38: + e7:ed:cf:69:f0:5a:0b:1b:be:c0:94:24:25:87:fa: + 37:71:b3:13:e7:1c:ac:e1:9b:ef:db:e4:3b:45:52: + 45:96:a9:c1:53:ce:34:c8:52:ee:b5:ae:ed:8f:de: + 60:70:e2:a5:54:ab:b6:6d:0e:97:a5:40:34:6b:2b: + d3:bc:66:eb:66:34:7c:fa:6b:8b:8f:57:29:99:f8: + 30:17:5d:ba:72:6f:fb:81:c5:ad:d2:86:58:3d:17: + c7:e7:09:bb:f1:2b:f7:86:dc:c1:da:71:5d:d4:46: + e3:cc:ad:25:c1:88:bc:60:67:75:66:b3:f1:18:f7: + a2:5c:e6:53:ff:3a:88:b6:47:a5:ff:13:18:ea:98: + 09:77:3f:9d:53:f9:cf:01:e5:f5:a6:70:17:14:af: + 63:a4:ff:99:b3:93:9d:dc:53:a7:06:fe:48:85:1d: + a1:69:ae:25:75:bb:13:cc:52:03:f5:ed:51:a1:8b: + db:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + + Signature Algorithm: sha256WithRSAEncryption + 85:ca:4e:47:3e:a3:f7:85:44:85:bc:d5:67:78:b2:98:63:ad: + 75:4d:1e:96:3d:33:65:72:54:2d:81:a0:ea:c3:ed:f8:20:bf: + 5f:cc:b7:70:00:b7:6e:3b:f6:5e:94:de:e4:20:9f:a6:ef:8b: + b2:03:e7:a2:b5:16:3c:91:ce:b4:ed:39:02:e7:7c:25:8a:47: + e6:65:6e:3f:46:f4:d9:f0:ce:94:2b:ee:54:ce:12:bc:8c:27: + 4b:b8:c1:98:2f:a2:af:cd:71:91:4a:08:b7:c8:b8:23:7b:04: + 2d:08:f9:08:57:3e:83:d9:04:33:0a:47:21:78:09:82:27:c3: + 2a:c8:9b:b9:ce:5c:f2:64:c8:c0:be:79:c0:4f:8e:6d:44:0c: + 5e:92:bb:2e:f7:8b:10:e1:e8:1d:44:29:db:59:20:ed:63:b9: + 21:f8:12:26:94:93:57:a0:1d:65:04:c1:0a:22:ae:10:0d:43: + 97:a1:18:1f:7e:e0:e0:86:37:b5:5a:b1:bd:30:bf:87:6e:2b: + 2a:ff:21:4e:1b:05:c3:f5:18:97:f0:5e:ac:c3:a5:b8:6a:f0: + 2e:bc:3b:33:b9:ee:4b:de:cc:fc:e4:af:84:0b:86:3f:c0:55: + 43:36:f6:68:e1:36:17:6a:8e:99:d1:ff:a5:40:a7:34:b7:c0: + d0:63:39:35:39:75:6e:f2:ba:76:c8:93:02:e9:a9:4b:6c:17: + ce:0c:02:d9:bd:81:fb:9f:b7:68:d4:06:65:b3:82:3d:77:53: + f8:8e:79:03:ad:0a:31:07:75:2a:43:d8:55:97:72:c4:29:0e: + f7:c4:5d:4e:c8:ae:46:84:30:d7:f2:85:5f:18:a1:79:bb:e7: + 5e:70:8b:07:e1:86:93:c3:b9:8f:dc:61:71:25:2a:af:df:ed: + 25:50:52:68:8b:92:dc:e5:d6:b5:e3:da:7d:d0:87:6c:84:21: + 31:ae:82:f5:fb:b9:ab:c8:89:17:3d:e1:4c:e5:38:0e:f6:bd: + 2b:bd:96:81:14:eb:d5:db:3d:20:a7:7e:59:d3:e2:f8:58:f9: + 5b:b8:48:cd:fe:5c:4f:16:29:fe:1e:55:23:af:c8:11:b0:8d: + ea:7c:93:90:17:2f:fd:ac:a2:09:47:46:3f:f0:e9:b0:b7:ff: + 28:4d:68:32:d6:67:5e:1e:69:a3:93:b8:f5:9d:8b:2f:0b:d2: + 52:43:a6:6f:32:57:65:4d:32:81:df:38:53:85:5d:7e:5d:66: + 29:ea:b8:dd:e4:95:b5:cd:b5:56:12:42:cd:c4:4e:c6:25:38: + 44:50:6d:ec:ce:00:55:18:fe:e9:49:64:d4:4e:ca:97:9c:b4: + 5b:c0:73:a8:ab:b8:47:c2 +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8a:79:22:50:ab:e5:2c:52:6c:ee:cf:7f:c9:42:dd:62 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 15 16:00:00 2025 GMT + Subject: C=US, O=Let's Encrypt, CN=R4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:b3:28:dc:77:29:d3:e7:91:be:f3:b7:0a:00:c7: + fb:f2:55:0b:25:22:63:53:36:af:e9:08:20:df:0d: + af:28:3e:cd:c6:ab:57:b6:9d:a4:25:19:a5:d2:32: + 6d:49:a6:08:b9:c7:2f:a1:9b:93:c5:20:40:6b:84: + 31:20:a2:8e:30:60:25:60:ef:d9:1a:89:3f:1f:69: + 71:b2:da:ea:3f:73:41:c4:90:6f:66:fd:7d:9e:58: + d8:77:cf:cd:59:75:44:c9:a1:0a:7b:9f:3f:1b:0e: + 3a:66:6f:b6:75:cf:8b:cb:af:9d:c0:70:c5:ff:d2: + 82:0a:af:5d:cd:e2:e8:9c:85:94:a4:e6:00:35:e8: + 7e:4e:39:81:c7:21:89:60:77:ea:1d:96:f2:8b:83: + 7b:47:c4:6d:32:c0:52:7e:23:1e:45:b5:71:ee:a3: + ef:17:c2:03:a9:93:89:dd:f5:9f:db:ba:f1:da:e0: + 7e:97:87:71:81:1e:1a:82:56:e4:3e:7c:18:a2:08: + e5:16:5f:a8:fa:a8:e0:48:51:4d:18:14:a0:0c:a3: + e5:b6:ca:b3:b5:55:12:6b:72:c7:5a:7f:3b:8c:f9: + e7:d9:d1:8e:12:4d:33:33:03:2a:f1:13:e1:42:3c: + c2:2e:59:60:2e:6d:e0:07:47:33:65:df:d2:67:ca: + 4d:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 36:9D:3E:E0:B1:40:F6:27:2C:7C:BF:8D:9D:31:8A:F6:54:A6:46:26 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + + Signature Algorithm: sha256WithRSAEncryption + 89:6e:ee:42:6a:55:8e:f8:7f:80:cf:49:66:20:6d:78:0d:79: + a5:60:74:04:93:6e:ae:9a:3b:82:ca:2a:16:b3:68:9c:3a:56: + 73:9c:f4:dc:66:f6:df:ab:4d:98:3c:71:93:0a:ed:dc:b6:08: + 15:0d:42:c9:f9:fc:0e:c4:a7:a4:cc:8a:9e:c8:b3:64:a7:c7: + 72:17:04:80:af:6d:c3:60:12:15:79:70:e9:c4:78:52:86:fb: + f4:30:b2:73:aa:a0:c5:05:31:d8:7b:55:f9:5f:66:3b:a2:88: + 32:f9:40:c9:c5:5d:8d:db:8f:e0:67:c9:71:1b:85:6b:db:f5: + 44:7d:43:ab:c3:84:e8:b2:5e:59:fb:5b:b3:39:db:d3:c8:17: + 31:0f:f1:39:ac:68:13:2d:cc:e6:ba:57:2d:1f:2d:c8:31:39: + 9d:4c:5a:f4:16:75:34:fc:73:10:a2:ab:96:42:e3:83:84:5a: + b3:32:a3:5c:b1:d6:e3:00:d5:01:c0:e1:10:ac:a2:3c:4b:2e: + be:6f:ce:24:1c:fe:cf:b4:ef:92:e0:89:3c:47:69:3b:65:e3: + 25:13:52:66:c4:18:bf:3d:95:3c:eb:46:25:c1:3f:3f:a8:e6: + 13:a0:21:d5:c8:38:e1:bf:ca:ae:b5:b7:f6:42:75:25:dd:25: + 7c:ea:d8:76:23:54:10:13:5e:2c:d3:2e:c2:74:01:dc:1e:4c: + 37:b0:01:1e:60:69:30:08:0e:f8:30:ef:95:16:d9:d8:6d:ff: + 41:d8:90:4e:87:2c:96:6f:9d:3c:ee:b1:b3:8a:db:b9:31:30: + 16:e3:55:fd:0f:04:de:5c:48:3e:6b:6e:2d:01:e8:6d:f9:8d: + 4c:8a:89:c7:53:06:b8:8f:b1:41:fe:da:cd:dc:59:db:fe:bf: + 74:fb:83:fa:e9:91:13:54:81:1c:8e:c7:94:48:c1:ce:c3:ac: + aa:bf:5d:3f:1f:f7:70:ff:ca:f6:10:35:22:9d:c0:41:5f:7a: + 3d:0c:bd:d2:69:da:ab:6a:09:0a:cb:de:87:b4:c8:8b:72:a3: + 0c:18:03:e6:d2:0b:62:d5:be:9f:6e:7b:ce:76:bd:26:ac:85: + 48:29:7e:67:cc:e7:86:64:e4:5a:60:ba:12:0f:80:bc:aa:f1: + 53:ed:4f:94:9b:a0:cc:a3:7e:9c:54:33:6c:3e:69:05:e7:be: + 7f:b3:70:b6:0b:11:a2:08:f4:2a:57:13:e0:7c:d4:a1:fb:60: + 8f:77:65:ef:d3:89:4d:7a:ec:3a:80:6f:3d:0e:53:a1:1e:ea: + 05:29:19:66:3e:7a:26:fa:0c:2a:87:3d:d9:5c:c7:f3:4d:f9: + af:8e:b0:68:93:30:88:08 +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAIp5IlCr5SxSbO7Pf8lC3WIwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCzKNx3KdPnkb7ztwoAx/vyVQslImNTNq/pCCDfDa8oPs3Gq1e2naQlGaXS +Mm1Jpgi5xy+hm5PFIEBrhDEgoo4wYCVg79kaiT8faXGy2uo/c0HEkG9m/X2eWNh3 +z81ZdUTJoQp7nz8bDjpmb7Z1z4vLr53AcMX/0oIKr13N4uichZSk5gA16H5OOYHH +IYlgd+odlvKLg3tHxG0ywFJ+Ix5FtXHuo+8XwgOpk4nd9Z/buvHa4H6Xh3GBHhqC +VuQ+fBiiCOUWX6j6qOBIUU0YFKAMo+W2yrO1VRJrcsdafzuM+efZ0Y4STTMzAyrx +E+FCPMIuWWAubeAHRzNl39Jnyk2FAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFDadPuCxQPYnLHy/jZ0xivZUpkYmMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCJbu5CalWO+H+Az0lmIG14DXmlYHQE +k26umjuCyioWs2icOlZznPTcZvbfq02YPHGTCu3ctggVDULJ+fwOxKekzIqeyLNk +p8dyFwSAr23DYBIVeXDpxHhShvv0MLJzqqDFBTHYe1X5X2Y7oogy+UDJxV2N24/g +Z8lxG4Vr2/VEfUOrw4Tosl5Z+1uzOdvTyBcxD/E5rGgTLczmulctHy3IMTmdTFr0 +FnU0/HMQoquWQuODhFqzMqNcsdbjANUBwOEQrKI8Sy6+b84kHP7PtO+S4Ik8R2k7 +ZeMlE1JmxBi/PZU860YlwT8/qOYToCHVyDjhv8qutbf2QnUl3SV86th2I1QQE14s +0y7CdAHcHkw3sAEeYGkwCA74MO+VFtnYbf9B2JBOhyyWb5087rGzitu5MTAW41X9 +DwTeXEg+a24tAeht+Y1MionHUwa4j7FB/trN3Fnb/r90+4P66ZETVIEcjseUSMHO +w6yqv10/H/dw/8r2EDUincBBX3o9DL3SadqragkKy96HtMiLcqMMGAPm0gti1b6f +bnvOdr0mrIVIKX5nzOeGZORaYLoSD4C8qvFT7U+Um6DMo36cVDNsPmkF575/s3C2 +CxGiCPQqVxPgfNSh+2CPd2Xv04lNeuw6gG89DlOhHuoFKRlmPnom+gwqhz3ZXMfz +TfmvjrBokzCICA== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d3:b1:72:26:34:23:32:dc:f4:05:28:51:2a:ec:9c:6a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Oct 6 15:43:55 2016 GMT + Not After : Oct 6 15:43:55 2021 GMT + Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:9c:d3:0c:f0:5a:e5:2e:47:b7:72:5d:37:83:b3: + 68:63:30:ea:d7:35:26:19:25:e1:bd:be:35:f1:70: + 92:2f:b7:b8:4b:41:05:ab:a9:9e:35:08:58:ec:b1: + 2a:c4:68:87:0b:a3:e3:75:e4:e6:f3:a7:62:71:ba: + 79:81:60:1f:d7:91:9a:9f:f3:d0:78:67:71:c8:69: + 0e:95:91:cf:fe:e6:99:e9:60:3c:48:cc:7e:ca:4d: + 77:12:24:9d:47:1b:5a:eb:b9:ec:1e:37:00:1c:9c: + ac:7b:a7:05:ea:ce:4a:eb:bd:41:e5:36:98:b9:cb: + fd:6d:3c:96:68:df:23:2a:42:90:0c:86:74:67:c8: + 7f:a5:9a:b8:52:61:14:13:3f:65:e9:82:87:cb:db: + fa:0e:56:f6:86:89:f3:85:3f:97:86:af:b0:dc:1a: + ef:6b:0d:95:16:7d:c4:2b:a0:65:b2:99:04:36:75: + 80:6b:ac:4a:f3:1b:90:49:78:2f:a2:96:4f:2a:20: + 25:29:04:c6:74:c0:d0:31:cd:8f:31:38:95:16:ba: + a8:33:b8:43:f1:b1:1f:c3:30:7f:a2:79:31:13:3d: + 2d:36:f8:e3:fc:f2:33:6a:b9:39:31:c5:af:c4:8d: + 0d:1d:64:16:33:aa:fa:84:29:b6:d4:0b:c0:d8:7d: + c3:93 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + CPS: http://cps.root-x1.letsencrypt.org + + X509v3 Subject Key Identifier: + A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.root-x1.letsencrypt.org + + Authority Information Access: + OCSP - URI:http://ocsp.root-x1.letsencrypt.org/ + CA Issuers - URI:http://cert.root-x1.letsencrypt.org/ + + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Signature Algorithm: sha256WithRSAEncryption + 19:cf:75:20:34:2d:3a:a6:45:ff:d0:d5:e6:8c:da:32:e8:9c: + 6e:1b:41:d1:27:a8:e2:50:f2:70:aa:c4:e7:93:46:b4:e8:10: + ab:70:4f:ef:b7:ea:04:d2:94:11:b1:03:fe:5d:ba:df:36:8c: + 94:36:8f:13:7c:44:8f:0b:f5:01:57:ad:68:b8:c5:79:c0:d8: + 4a:80:d7:4c:a3:1e:24:7a:1f:d7:23:e8:c1:62:3a:76:f9:22: + 7d:5e:5a:c4:4c:50:cd:af:dd:ef:6d:36:c0:80:80:1b:a4:3c: + 70:20:d6:54:21:d3:ba:ef:14:a9:bf:07:3f:41:0a:36:b1:a2: + b0:0b:20:d5:1f:67:d0:c3:eb:88:f6:8a:02:c8:c6:57:b6:0c: + fc:56:f1:d2:3f:17:69:68:1c:c8:d7:66:3a:86:f1:19:2a:65: + 47:68:c6:d2:03:e7:ef:74:16:0b:06:21:f9:0c:a6:a8:11:4b: + 4e:5f:e3:33:db:08:41:ea:09:79:75:78:ee:47:c8:42:d3:81: + c5:65:2d:75:d0:0e:00:16:9d:1c:ee:b7:58:45:25:e7:33:63: + 5b:63:41:09:e8:e9:fe:ac:fa:73:32:74:b3:76:e9:6b:94:e2: + cd:d4:62:f3:ae:3a:c5:31:46:52:6e:ed:34:91:1e:a0:c2:de: + 54:84:e5:78:20:56:4c:dd:68:f9:2e:28:64:1b:1a:99:f2:fb: + 4d:7f:e3:b8:5f:5d:73:41:ec:79:ed:58:d6:7a:37:65:70:a7: + b1:ba:39:f6:3e:61:0a:d9:c0:86:90:9a:1a:c8:a8:96:6e:8a: + 0b:2b:6d:ed:d6:fa:07:67:e7:29:04:f7:e2:b2:d1:58:15:52: + c7:f1:a3:9d:a6:c0:56:2c:d4:92:98:d8:f1:83:b9:6c:7c:33: + a0:e5:4b:aa:90:92:f1:da:45:4a:34:14:c7:7c:4e:c4:a5:6c: + 5d:3f:bf:de:b9:a8:61:4a:85:20:de:42:83:29:62:7c:1c:99: + 08:a5:46:1f:f4:6b:22:d3:86:51:cb:37:cd:60:4a:42:63:56: + b3:c8:d1:8f:31:09:53:c1:e2:dc:1b:d4:f1:54:77:67:cf:33: + 7b:00:d6:d2:7c:de:c6:79:bf:cb:e0:16:fd:b2:a1:f2:91:3c: + 1d:2d:e8:9c:d4:03:cd:66:4a:a3:37:93:19:79:7b:e2:19:c2: + 16:00:c8:ed:0e:4e:0d:ff:7e:cf:07:a8:64:cd:29:df:41:aa: + 85:30:49:10:73:a7:4e:89:32:0e:5b:ad:40:86:c1:b0:94:0c: + 8d:26:c5:a7:49:dc:1c:f8:5b:14:7a:7f:23:69:04:ad:b2:02: + 29:d6:12:c8:a4:c6:a1:2d +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1 +WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX +NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf +89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl +Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc +Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz +uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB +AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU +BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB +FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo +SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js +LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF +BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG +AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD +VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB +ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx +A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM +UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2 +DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1 +eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu +OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw +p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY +2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0 +ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR +PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b +rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 93:9b:99:9e:a4:8e:16:0d:5b:42:59:b4:3d:20:13:da + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Oct 6 15:44:34 2016 GMT + Not After : Oct 6 15:44:34 2021 GMT + Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:e1:24:74:42:7b:b7:91:31:d9:73:ff:38:aa:d8: + ce:44:5c:b7:39:0a:dc:44:ae:0d:bd:45:b9:97:37: + 67:af:bd:50:4f:5f:d3:10:54:6b:f7:41:da:8e:63: + e6:6d:5b:c0:e8:40:a9:8c:41:fc:d1:03:89:ff:62: + 61:09:60:d6:07:05:78:9a:90:bd:1a:64:3e:4f:dc: + cf:77:2f:89:6b:cb:67:af:41:4d:c5:8d:00:c0:6b: + fe:8d:84:dc:b5:f2:95:31:a8:e8:f6:90:a0:43:4a: + 93:74:5c:b3:3e:43:69:4b:89:22:47:74:51:3e:99: + 64:c3:cd:24:01:f9:84:2f:28:77:17:22:a7:dd:c3: + 6c:08:4c:66:2f:37:74:c5:6f:93:8e:b0:46:37:16: + 61:d1:50:98:c8:b0:0f:4f:58:53:7c:ac:f6:da:2d: + 96:61:50:ad:43:dc:0a:a6:4f:9e:b5:52:b9:9c:8e: + ef:4e:df:46:b3:31:dc:20:fc:69:c2:a3:20:75:3e: + ec:38:1b:36:4e:66:66:d2:df:f5:66:a4:93:2f:7b: + a6:0e:94:3e:60:3d:4a:4b:1c:6f:ba:b4:4d:1c:3c: + 91:58:6e:2f:4d:c4:da:70:db:ed:01:39:76:c0:49: + e7:e9:35:b5:14:06:90:c1:e5:92:e2:10:fd:6b:b9: + b4:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + CPS: http://cps.root-x1.letsencrypt.org + + X509v3 Subject Key Identifier: + C5:B1:AB:4E:4C:B1:CD:64:30:93:7E:C1:84:99:05:AB:E6:03:E2:25 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.root-x1.letsencrypt.org + + Authority Information Access: + OCSP - URI:http://ocsp.root-x1.letsencrypt.org/ + CA Issuers - URI:http://cert.root-x1.letsencrypt.org/ + + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Signature Algorithm: sha256WithRSAEncryption + 5e:2d:23:5c:86:8d:98:25:77:d9:4f:d3:5f:b3:7e:d5:37:69: + 25:74:ba:7d:1d:d8:62:94:30:ee:c6:c6:fc:13:2d:60:0a:43: + 3f:de:4f:eb:b7:27:8f:86:be:90:fe:04:c7:e8:a4:8c:64:25: + c0:c2:cc:c0:a1:8e:36:6d:65:9c:09:a4:86:3b:05:ab:55:ac: + ee:8e:90:49:9a:44:d2:13:b5:b6:7f:84:2c:0d:91:49:db:93: + 70:bb:10:6d:ce:18:96:65:a3:d6:f6:c3:30:3c:bf:d5:81:b0: + fc:c7:a5:3b:cb:7c:ea:fe:75:2e:7b:2c:b3:d9:06:1a:77:02: + b1:da:2d:b7:64:df:79:48:38:d4:4f:b7:db:2c:78:31:24:99: + d1:e7:56:61:a6:05:17:f8:f8:9d:16:cb:ae:e6:75:d3:af:cf: + 9a:c7:1f:cb:b3:63:de:2b:68:e6:b2:7f:6d:20:cf:37:26:aa: + 6a:2d:e2:13:d7:b4:31:b8:63:8f:4c:a0:53:0c:4f:69:1c:59: + c9:37:10:e4:c0:1f:a4:22:19:69:06:27:b7:31:31:f4:8b:dd: + 2d:27:88:0e:b0:80:52:6d:7c:44:c4:4c:e6:6e:f0:05:43:80: + 43:60:08:9d:c3:4b:46:f3:fd:d8:55:2a:fb:37:59:19:1a:2a: + eb:91:fd:6d:27:9c:2d:95:0d:d6:85:8f:8f:82:44:5f:0b:1a: + d9:ff:f0:44:5a:1f:8f:13:92:d1:f9:04:3c:83:55:c1:7d:cd: + f2:7b:e5:27:31:73:2d:b7:8c:02:f6:37:ac:37:9f:fb:77:9e: + 7a:a8:5e:df:48:9b:81:69:ac:3a:fe:98:fd:60:d9:9e:8b:7f: + 66:00:d2:31:37:91:96:a5:81:9e:a5:34:7b:b8:0a:6b:c9:62: + 83:93:48:9c:3d:5f:6a:a5:1a:5d:4a:f8:1e:14:df:6e:eb:1b: + 5b:51:c6:08:cc:ef:aa:4d:ea:52:12:d3:63:cc:10:2a:32:28: + 98:a0:a4:e4:81:bb:85:7c:f8:b5:5a:50:c7:b3:08:91:fd:41: + fe:04:29:e6:53:1d:d7:50:d6:df:7a:ce:f3:5d:da:cf:5e:c1: + 22:b1:fc:36:e5:5d:b2:ac:04:3c:c8:74:72:7e:aa:2e:be:17: + d0:c8:54:ce:7f:20:27:6d:0d:db:a5:38:ef:9d:af:f0:57:07: + ea:41:67:7b:95:c6:34:40:36:f2:4a:2a:97:71:91:e3:f2:96: + e2:13:48:d6:47:6d:a9:d6:44:dd:3b:80:cb:f0:05:63:8b:d3: + ad:22:e1:5a:cb:f5:ea:f5:b0:14:2b:46:35:3d:88:da:59:40: + 64:e7:2d:50:31:41:51:6e +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIRAJObmZ6kjhYNW0JZtD0gE9owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0NDM0 +WhcNMjExMDA2MTU0NDM0WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhJHRCe7eRMdlz/ziq2M5EXLc5 +CtxErg29RbmXN2evvVBPX9MQVGv3QdqOY+ZtW8DoQKmMQfzRA4n/YmEJYNYHBXia +kL0aZD5P3M93L4lry2evQU3FjQDAa/6NhNy18pUxqOj2kKBDSpN0XLM+Q2lLiSJH +dFE+mWTDzSQB+YQvKHcXIqfdw2wITGYvN3TFb5OOsEY3FmHRUJjIsA9PWFN8rPba +LZZhUK1D3AqmT561Urmcju9O30azMdwg/GnCoyB1Puw4GzZOZmbS3/VmpJMve6YO +lD5gPUpLHG+6tE0cPJFYbi9NxNpw2+0BOXbASefpNbUUBpDB5ZLiEP1rubSFAgMB +AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU +BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB +FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBTF +satOTLHNZDCTfsGEmQWr5gPiJTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js +LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF +BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG +AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD +VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB +AF4tI1yGjZgld9lP01+zftU3aSV0un0d2GKUMO7GxvwTLWAKQz/eT+u3J4+GvpD+ +BMfopIxkJcDCzMChjjZtZZwJpIY7BatVrO6OkEmaRNITtbZ/hCwNkUnbk3C7EG3O +GJZlo9b2wzA8v9WBsPzHpTvLfOr+dS57LLPZBhp3ArHaLbdk33lIONRPt9sseDEk +mdHnVmGmBRf4+J0Wy67mddOvz5rHH8uzY94raOayf20gzzcmqmot4hPXtDG4Y49M +oFMMT2kcWck3EOTAH6QiGWkGJ7cxMfSL3S0niA6wgFJtfETETOZu8AVDgENgCJ3D +S0bz/dhVKvs3WRkaKuuR/W0nnC2VDdaFj4+CRF8LGtn/8ERaH48TktH5BDyDVcF9 +zfJ75Scxcy23jAL2N6w3n/t3nnqoXt9Im4FprDr+mP1g2Z6Lf2YA0jE3kZalgZ6l +NHu4CmvJYoOTSJw9X2qlGl1K+B4U327rG1tRxgjM76pN6lIS02PMECoyKJigpOSB +u4V8+LVaUMezCJH9Qf4EKeZTHddQ1t96zvNd2s9ewSKx/DblXbKsBDzIdHJ+qi6+ +F9DIVM5/ICdtDdulOO+dr/BXB+pBZ3uVxjRANvJKKpdxkePyluITSNZHbanWRN07 +gMvwBWOL060i4VrL9er1sBQrRjU9iNpZQGTnLVAxQVFu +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:9e:49:28:86:37:6f:d4:08:48:c2:3f:c6:31:e4:63 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 15 16:00:00 2025 GMT + Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:cd:9b:d5:9f:80:83:0a:ec:09:4a:f3:16:4a:3e: + 5c:cf:77:ac:de:67:05:0d:1d:07:b6:dc:16:fb:5a: + 8b:14:db:e2:71:60:c4:ba:45:95:11:89:8e:ea:06: + df:f7:2a:16:1c:a4:b9:c5:c5:32:e0:03:e0:1e:82: + 18:38:8b:d7:45:d8:0a:6a:6e:e6:00:77:fb:02:51: + 7d:22:d8:0a:6e:9a:5b:77:df:f0:fa:41:ec:39:dc: + 75:ca:68:07:0c:1f:ea + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 + X509v3 Authority Key Identifier: + keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E + + Authority Information Access: + CA Issuers - URI:http://x1.i.lencr.org/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://x1.c.lencr.org/ + + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.44947.1.1.1 + + Signature Algorithm: sha256WithRSAEncryption + 1b:7f:25:2b:90:7a:08:76:00:77:18:e1:c3:2e:8a:36:4c:41: + 7e:bf:17:4b:e3:30:d7:5b:0c:7e:9c:96:98:6f:7b:b0:68:c0: + 24:44:cc:e2:f2:fc:d1:ea:db:d2:9f:01:f9:17:4d:0c:9d:55: + fd:a5:ad:6d:d2:2f:3f:4b:72:c0:2e:ae:73:c7:25:16:57:c2: + 3e:15:ad:e0:31:d1:0a:84:84:6c:62:78:42:31:22:46:1a:ed: + 7a:40:bf:97:16:81:44:77:ca:6c:7b:5d:21:5c:07:f2:11:91: + 21:bf:e1:2f:c2:ef:6e:fd:05:20:e4:b4:f7:79:f3:2d:bb:37: + 2a:f0:c6:b1:ac:ac:51:f5:1f:b3:5a:1e:66:ce:58:07:18:38: + 7f:71:a9:3c:83:ba:d7:bc:82:9e:9a:76:0f:9e:b0:29:fd:cb: + f3:89:07:48:1b:fe:ab:93:2e:14:21:0d:5f:af:8e:b7:54:ab: + 5d:0e:d4:5b:4c:71:d0:92:ea:3d:a3:36:9b:7c:1f:e0:3b:55: + b9:d8:53:53:cc:83:66:bb:4a:dc:81:06:00:18:8b:f4:b3:d7: + 48:b1:13:41:b9:c4:b6:9e:cf:2c:77:8e:42:20:0b:80:7e:9f: + c5:ab:48:db:bc:6f:04:8d:6c:46:29:02:0d:70:8a:1d:f1:12: + 73:b6:46:24:42:9e:2a:17:18:e3:ac:c7:98:c2:72:cc:6d:2d: + 76:6d:dd:2c:2b:26:96:a5:cf:21:08:1b:e5:da:2f:cb:ef:9f: + 73:93:ae:f8:36:5f:47:8f:97:28:ce:ab:e2:98:26:98:8b:fd: + ee:28:32:22:29:ed:4c:95:09:c4:20:fa:07:e1:86:2c:44:f6: + 81:47:c0:e4:62:32:ed:1d:d8:3c:48:88:96:c3:5e:91:b6:af: + 7b:59:a4:ee:e3:86:9c:c7:88:58:ca:28:2a:66:55:9b:85:80: + b9:1d:d8:40:2b:c9:1c:13:3c:a9:eb:de:99:c2:16:40:f6:f5: + a4:ae:2a:25:6c:52:ba:c7:04:4c:b4:32:bb:fc:38:5c:a0:0c: + 61:7b:57:ec:77:4e:50:cf:af:06:a2:0f:37:8c:e1:0e:d2:d3: + 2f:1a:bd:9c:71:3e:cc:e1:f8:d1:a8:a3:bd:04:f6:19:c0:f9: + 86:af:f5:0e:1a:aa:95:6b:ef:ca:47:71:4b:63:1c:4d:96:db: + 55:23:0a:9d:0f:81:75:a0:e6:40:f5:64:46:03:6e:ce:fa:6a: + 7d:06:ec:a4:34:06:74:da:53:d8:b9:b8:c6:23:7d:a9:f8:2a: + 2d:a4:82:a6:2e:2d:11:ca:e6:cd:31:58:79:85:e6:72:1c:a7: + 9f:d3:4c:d0:66:d0:a7:bb +-----BEGIN CERTIFICATE----- +MIIEYDCCAkigAwIBAgIQB55JKIY3b9QISMI/xjHkYzANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yMDA5MDQwMDAwMDBa +Fw0yNTA5MTUxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5l +dCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgy +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H +ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7 +AlF9ItgKbppbd9/w+kHsOdx1ymgHDB/qo4HlMIHiMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR8Qpau3ktIO/qS+J6Mz22LqXI3lTAf +BgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQw +IgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wJwYDVR0fBCAwHjAc +oBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzAiBgNVHSAEGzAZMAgGBmeBDAEC +ATANBgsrBgEEAYLfEwEBATANBgkqhkiG9w0BAQsFAAOCAgEAG38lK5B6CHYAdxjh +wy6KNkxBfr8XS+Mw11sMfpyWmG97sGjAJETM4vL80erb0p8B+RdNDJ1V/aWtbdIv +P0tywC6uc8clFlfCPhWt4DHRCoSEbGJ4QjEiRhrtekC/lxaBRHfKbHtdIVwH8hGR +Ib/hL8Lvbv0FIOS093nzLbs3KvDGsaysUfUfs1oeZs5YBxg4f3GpPIO617yCnpp2 +D56wKf3L84kHSBv+q5MuFCENX6+Ot1SrXQ7UW0xx0JLqPaM2m3wf4DtVudhTU8yD +ZrtK3IEGABiL9LPXSLETQbnEtp7PLHeOQiALgH6fxatI27xvBI1sRikCDXCKHfES +c7ZGJEKeKhcY46zHmMJyzG0tdm3dLCsmlqXPIQgb5dovy++fc5Ou+DZfR4+XKM6r +4pgmmIv97igyIintTJUJxCD6B+GGLET2gUfA5GIy7R3YPEiIlsNekbave1mk7uOG +nMeIWMooKmZVm4WAuR3YQCvJHBM8qevemcIWQPb1pK4qJWxSuscETLQyu/w4XKAM +YXtX7HdOUM+vBqIPN4zhDtLTLxq9nHE+zOH40aijvQT2GcD5hq/1DhqqlWvvykdx +S2McTZbbVSMKnQ+BdaDmQPVkRgNuzvpqfQbspDQGdNpT2Lm4xiN9qfgqLaSCpi4t +EcrmzTFYeYXmchynn9NM0GbQp7s= +-----END CERTIFICATE----- diff --git a/checker/checker.go b/checker/checker.go index 3474483..6590db1 100644 --- a/checker/checker.go +++ b/checker/checker.go @@ -14,12 +14,12 @@ import ( "github.com/letsencrypt/boulder/core" "github.com/letsencrypt/boulder/crl/checker" - "github.com/letsencrypt/boulder/crl/idp" "github.com/letsencrypt/crl-monitor/checker/earlyremoval" "github.com/letsencrypt/crl-monitor/checker/expiry" "github.com/letsencrypt/crl-monitor/cmd" "github.com/letsencrypt/crl-monitor/db" + "github.com/letsencrypt/crl-monitor/idp" "github.com/letsencrypt/crl-monitor/storage" ) @@ -125,8 +125,8 @@ type crlSummary struct { } func summary(crl *x509.RevocationList, key storage.Key) crlSummary { - // If getIDP fails, we will just log "" - idp, _ := getIDP(crl) + // If idp.Get() fails, we will just log "" + idp, _ := idp.Get(crl) return crlSummary{ ThisUpdate: crl.ThisUpdate, NextUpdate: crl.NextUpdate, @@ -178,7 +178,7 @@ func (c *Checker) Check(ctx context.Context, bucket, object string, startingVers } log.Printf("crl %d successfully linted", crl.Number) - _, err = getIDP(crl) + _, err = idp.Get(crl) if err != nil { return err } @@ -239,7 +239,7 @@ func (c *Checker) lookForSeenCerts(ctx context.Context, crl *x509.RevocationList var errs []error for _, seen := range crl.RevokedCertificateEntries { if metadata, ok := unseenCerts[db.NewCertKey(seen.SerialNumber).SerialString()]; ok { - idp, err := getIDP(crl) + idp, err := idp.Get(crl) if err != nil { errs = append(errs, err) continue @@ -274,14 +274,3 @@ func (c *Checker) issuerForObject(object string) (*x509.Certificate, error) { return issuer, nil } - -func getIDP(crl *x509.RevocationList) (string, error) { - idps, err := idp.GetIDPURIs(crl.Extensions) - if err != nil { - return "", fmt.Errorf("extracting IssuingDistributionPoint URIs: %v", err) - } - if len(idps) == 1 { - return idps[0], nil - } - return "", fmt.Errorf("CRL had incorrect number of IssuingDistributionPoint URIs: %s", idps) -} diff --git a/cmd/ccadb-checker/ccadb-checker.go b/cmd/ccadb-checker/ccadb-checker.go new file mode 100644 index 0000000..e0abd29 --- /dev/null +++ b/cmd/ccadb-checker/ccadb-checker.go @@ -0,0 +1,20 @@ +package main + +import ( + "context" + "log" + + "github.com/letsencrypt/crl-monitor/ccadb" +) + +func main() { + checker, err := ccadb.NewFromEnv() + if err != nil { + log.Fatal(err) + } + + err = checker.Check(context.Background()) + if err != nil { + log.Fatal(err) + } +} diff --git a/idp/idp.go b/idp/idp.go new file mode 100644 index 0000000..517747b --- /dev/null +++ b/idp/idp.go @@ -0,0 +1,57 @@ +package idp + +import ( + "crypto/x509" + "encoding/asn1" + "errors" + "fmt" +) + +var idpOID = asn1.ObjectIdentifier{2, 5, 29, 28} // id-ce-issuingDistributionPoint + +// idpASN1 represents the ASN.1 IssuingDistributionPoint +// SEQUENCE as defined in RFC 5280 Section 5.2.5. We only care about DistributionPointName. +type idpASN1 struct { + DistributionPoint distributionPointName `asn1:"optional,tag:0"` +} + +// distributionPointName represents the ASN.1 DistributionPointName CHOICE as +// defined in RFC 5280 Section 4.2.1.13. We only use one of the fields, so the +// others are omitted. +type distributionPointName struct { + // Technically, FullName is of type GeneralNames, which is of type SEQUENCE OF + // GeneralName. But GeneralName itself is of type CHOICE, and the asn1.Marshal + // function doesn't support marshalling structs to CHOICEs, so we have to use + // asn1.RawValue. + FullName []asn1.RawValue `asn1:"optional,tag:0"` +} + +// GetIDP returns the single URL contained within the issuingDistributionPoint +// extension, if present, or an error otherwise. +func Get(crl *x509.RevocationList) (string, error) { + var url string + for _, ext := range crl.Extensions { + if ext.Id.Equal(idpOID) { + if url != "" { + return "", errors.New("multiple IssuingDistributionPoint extensions in CRL") + } + var val idpASN1 + rest, err := asn1.Unmarshal(ext.Value, &val) + if err != nil { + return "", fmt.Errorf("parsing IssuingDistributionPoint extension: %w", err) + } + if len(rest) != 0 { + return "", fmt.Errorf("parsing IssuingDistributionPoint extension: got %d unexpected trailing bytes", len(rest)) + } + + if len(val.DistributionPoint.FullName) != 1 { + return "", fmt.Errorf("incorrect number of IssuingDistributionPoint URLs: %d", len(val.DistributionPoint.FullName)) + } + url = string(val.DistributionPoint.FullName[0].Bytes) + } + } + if url == "" { + return "", errors.New("no IssuingDistributionPoint extension found") + } + return url, nil +} diff --git a/idp/idp_test.go b/idp/idp_test.go new file mode 100644 index 0000000..26eac91 --- /dev/null +++ b/idp/idp_test.go @@ -0,0 +1,38 @@ +package idp + +import ( + "crypto/x509" + "encoding/pem" + "testing" +) + +func TestGet(t *testing.T) { + crlPEM := `-----BEGIN X509 CRL----- +MIIB5zCB0AIBATANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJVUzEWMBQGA1UE +ChMNTGV0J3MgRW5jcnlwdDELMAkGA1UEAxMCUjMXDTI1MDMwNTIyNDQ0MFoXDTI1 +MDMxNDIyNDQzOVqgajBoMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLG +MBEGA1UdFAQKAggYKgmGvjobBTAyBgNVHRwBAf8EKDAmoCGgH4YdaHR0cDovL3Iz +LmMubGVuY3Iub3JnLzEwNS5jcmyBAf8wDQYJKoZIhvcNAQELBQADggEBAEiuzZV0 +mH/ZYJCQ+0yH0GqkVeAS3sXNAbTh73P2sxehfjBD+c8/UtBX9QfUCdt/2BhgjnWU +oXBH0Egi9SFDaqEP/5cnRFZIMb3SIIW9O8ukW5RVYrSSH5cN8q0oA958ACnqfPE2 +mGmEk8fTcOhKD0gint+NRZMuPs2MYfhPimUmR28vWyOSVm7Gnu62Roa625BK+vSs +D5gW7s9jgLTO/PTmZMIf3qD+5ZCZMbP1sgcgF5L3fvTgRawdwU33p3D3xPd55VK7 +zfcmGyL+F1x+tWPEPeKm8l2Oya1dZK9z6J0tQIPz/IgQh0+zoHnbdAgfZ1MD86Te +3RXFZ/P2MpuSww8= +-----END X509 CRL----- + ` + + block, _ := pem.Decode([]byte(crlPEM)) + crl, err := x509.ParseRevocationList(block.Bytes) + if err != nil { + t.Fatal(err) + } + want := "http://r3.c.lencr.org/105.crl" + got, err := Get(crl) + if err != nil { + t.Fatal(err) + } + if got != want { + t.Errorf("Get()=%s, want %s", got, want) + } +} diff --git a/lambda/ccadbchecker/ccadbchecker.go b/lambda/ccadbchecker/ccadbchecker.go new file mode 100644 index 0000000..6dda420 --- /dev/null +++ b/lambda/ccadbchecker/ccadbchecker.go @@ -0,0 +1,20 @@ +package main + +import ( + "context" + "log" + + "github.com/aws/aws-lambda-go/lambda" + "github.com/letsencrypt/crl-monitor/ccadb" +) + +func main() { + ctx := context.Background() + + c, err := ccadb.NewFromEnv() + if err != nil { + log.Fatalf("Error creating Checker: %v", err) + } + + lambda.StartWithOptions(c.Check, lambda.WithContext(ctx)) +}