isrg-root-x2.der: CN=ISRG Root X2,O=Internet Security Research Group,C=US (Root Certificate, Expiring 2040-09-17) detail info and audit record

CA Certificate Information and Audit Record

This certificate is root certificate used for the issuance of other certificates.

• Certificate Download URL: https://letsencrypt.org/certs/isrg-root-x2.der (in DER format )
• Serial Number : 87493402998870891108772069816698636114
• SHA-1 Fingerprint : bdb1b93cd5978d45c6261455f8db95c75ad153af
• SHA-1 Fingerprint : bd:b1:b9:3c:d5:97:8d:45:c6:26:14:55:f8:db:95:c7:5a:d1:53:af
• SHA-256 Fingerprint : 69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470
• SHA-256 Fingerprint : 69:72:9b:8e:15:a8:6e:fc:17:7a:57:af:b7:17:1d:fc:64:ad:d2:8c:2f:ca:8c:f1:50:7e:34:45:3c:cb:14:70
• Signature Hash Algorithm : sha384
• Subject : CN=ISRG Root X2,O=Internet Security Research Group,C=US
  • Country Name: US (United States of America)
  • Organization: Internet Security Research Group
  • Common Name: ISRG Root X2
• Not Valid Before: 2020-09-04 00:00:00
• Not Valid After: 2040-09-17 16:00:00
• Issuer (Parent Certificate):
  • Issuer Name: CN=ISRG Root X2,O=Internet Security Research Group,C=US
  • Issuer Certificate URL: NA
• Audit Record:
  • Revocation Status: Root Certificate
  • Certificate Policy (CP) URL: https://letsencrypt.org/documents/isrg-cp-v3.3/ https://letsencrypt.org/documents/isrg-cp-v3.1/ https://letsencrypt.org/documents/isrg-cp-v2.7/ https://letsencrypt.org/documents/isrg-cp-v2.6/ https://letsencrypt.org/documents/isrg-cp-v2.5/
  • Certificate Practice Statement (CPS) URL: https://letsencrypt.org/documents/isrg-cps-v4.4/ https://letsencrypt.org/documents/isrg-cps-v4.3/ https://letsencrypt.org/documents/isrg-cps-v4.1/ https://letsencrypt.org/documents/isrg-cps-v3.3/ https://letsencrypt.org/documents/isrg-cps-v3.1/ https://letsencrypt.org/documents/isrg-cps-v3.0/
  • Auditor: Schellman & Company, LLC.
  • Standard Audit URL: https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=cd221a0a-aa3c-49a9-bd8a-ad336588075a
  • Standard Audit Period Start Date: 2021.09.01
  • Standard Audit Period End Date: 2022.08.31
  • Standard Audit Statement Date: 2022.11.08
  • Standard Audit Type: WebTrust
  • Full CRL Issued By This CA: http://x2.c.lencr.org/

Download certificate through curl:

curl -sSL "https://letsencrypt.org/certs/isrg-root-x2.der" --output cert.crt

Download certificate through wget:

wget -q "https://letsencrypt.org/certs/isrg-root-x2.der" --output-document=cert.crt

CA Certificate Detail Information

Use openssl x509 to decode DER certificate to get detail information:

openssl x509 -in cert.crt -inform der -text -noout

Use openssl x509 to decode PEM certificate to get detail information:

openssl x509 -in cert.crt -inform pem -text -noout

Decoded detail certificate information:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d2:9d:d1:72:ea:ee:a7:80:c1:2c:6c:e9:2f:87:52
    Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2
        Validity
            Not Before: Sep  4 00:00:00 2020 GMT
            Not After : Sep 17 16:00:00 2040 GMT
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X2
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub: 
                    04:cd:9b:d5:9f:80:83:0a:ec:09:4a:f3:16:4a:3e:
                    5c:cf:77:ac:de:67:05:0d:1d:07:b6:dc:16:fb:5a:
                    8b:14:db:e2:71:60:c4:ba:45:95:11:89:8e:ea:06:
                    df:f7:2a:16:1c:a4:b9:c5:c5:32:e0:03:e0:1e:82:
                    18:38:8b:d7:45:d8:0a:6a:6e:e6:00:77:fb:02:51:
                    7d:22:d8:0a:6e:9a:5b:77:df:f0:fa:41:ec:39:dc:
                    75:ca:68:07:0c:1f:ea
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
    Signature Algorithm: ecdsa-with-SHA384
         30:65:02:30:7b:79:4e:46:50:84:c2:44:87:46:1b:45:70:ff:
         58:99:de:f4:fd:a4:d2:55:a6:20:2d:74:d6:34:bc:41:a3:50:
         5f:01:27:56:b4:be:27:75:06:af:12:2e:75:98:8d:fc:02:31:
         00:8b:f5:77:6c:d4:c8:65:aa:e0:0b:2c:ee:14:9d:27:37:a4:
         f9:53:a5:51:e4:29:83:d7:f8:90:31:5b:42:9f:0a:f5:fe:ae:
         00:68:e7:8c:49:0f:b6:6f:5b:5b:15:f2:e7

CA Certificate in PEM Format

Use openssl x509 to convert certificate from DER format to PEM format:

openssl x509 -in cert.crt -inform der

Converted PEM format certificate:

-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----

Decode PEM Certificate online

Download PEM Certificate

Also see Top 1 Millions Domains CA Certificate List

Related Certificates

• lets-encrypt-e1.der: CN=E1,O=Let’s Encrypt,C=US (Expiring: 2025-09-15)
• lets-encrypt-e2.der: CN=E2,O=Let’s Encrypt,C=US (Expiring: 2025-09-15)
• isrg-root-ocsp-x1.der: CN=ISRG Root OCSP X1,O=Internet Security Research Group,C=US (Expiring: 2025-06-10)
• isrg-root-x1-cross-signed.der: CN=ISRG Root X1,O=Internet Security Research Group,C=US (Expiring: 2024-09-30)
• isrgrootx1.der: CN=ISRG Root X1,O=Internet Security Research Group,C=US (Expiring: 2035-06-04)
• isrg-root-x2-cross-signed.der: CN=ISRG Root X2,O=Internet Security Research Group,C=US (Expiring: 2025-09-15)
• lets-encrypt-x1-cross-signed.der: CN=Let’s Encrypt Authority X1,O=Let’s Encrypt,C=US (Expiring: 2020-10-19)
• letsencryptauthorityx1.der: CN=Let’s Encrypt Authority X1,O=Let’s Encrypt,C=US (Expiring: 2020-06-04)
• lets-encrypt-x2-cross-signed.der: CN=Let’s Encrypt Authority X2,O=Let’s Encrypt,C=US (Expiring: 2020-10-19)
• letsencryptauthorityx2.der: CN=Let’s Encrypt Authority X2,O=Let’s Encrypt,C=US (Expiring: 2020-06-04)
• http://cert.int-x3.letsencrypt.org/: CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US (Expiring: 2021-03-17)
• lets-encrypt-x3-cross-signed.der: CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US (Expiring: 2021-03-17)
• letsencryptauthorityx3.der: CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US (Expiring: 2021-10-06)
• lets-encrypt-x4-cross-signed.der: CN=Let’s Encrypt Authority X4,O=Let’s Encrypt,C=US (Expiring: 2021-03-17)
• letsencryptauthorityx4.der: CN=Let’s Encrypt Authority X4,O=Let’s Encrypt,C=US (Expiring: 2021-10-06)
• lets-encrypt-r3-cross-signed.der: CN=R3,O=Let’s Encrypt,C=US (Expiring: 2021-09-29)
• lets-encrypt-r3.der: CN=R3,O=Let’s Encrypt,C=US (Expiring: 2025-09-15)
• lets-encrypt-r4-cross-signed.der: CN=R4,O=Let’s Encrypt,C=US (Expiring: 2021-09-29)
• lets-encrypt-r4.der: CN=R4,O=Let’s Encrypt,C=US (Expiring: 2025-09-15)