---------- ORIGINAL FORMAT ----------
CONNECTED(00000003)
---
Certificate chain
 0 s:CN=tobacco.org
   i:C=US, O=Let's Encrypt, CN=E5
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jun  9 04:02:42 2024 GMT; NotAfter: Sep  7 04:02:41 2024 GMT
-----BEGIN CERTIFICATE-----
MIIDijCCAxCgAwIBAgISA1xkKTImpqEwWFQmXIkG5NV5MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNDA2MDkwNDAyNDJaFw0yNDA5MDcwNDAyNDFaMBYxFDASBgNVBAMTC3Rv
YmFjY28ub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpnFDWjj9x7ccsfIU
g04SPZ3BzleZGng1Y2Og9RyM7hywL789Zo5TbWgtGsOIqhrqZnh3OXJosE25ZAY+
pcOp/qOCAiAwggIcMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyvhJdML89kiMwd9e
C19V+IWA5bgwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYB
BQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYI
KwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wJwYDVR0RBCAwHoILdG9i
YWNjby5vcmeCD3d3dy50b2JhY2NvLm9yZzATBgNVHSAEDDAKMAgGBmeBDAECATCC
AQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0s
gdm7v6s52IRzAAABj/tgl/MAAAQDAEgwRgIhAMChQy09gLY7BQ0/3wTkQSOanBCe
nYe0y4149TX+BFMfAiEA4kz8rHGFUObD43hPjdLilmVmQ5jXhcKc+++YraqB7S0A
dwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAY/7YJg+AAAEAwBI
MEYCIQDjOjtHaBQYfpTD4Mq33Ef6JUQJH4fxjb0DIZs19z95aQIhAJTuZFRAV2tr
BKuKSEmhgYmAyQLUSwgBxa/jAEEo+z9+MAoGCCqGSM49BAMDA2gAMGUCMF8UZDe0
c8Fu1c+7aRiBwQO1ZwKItjq/zEkVUF5XvaxpHr5PQ8zzeDA/w4zJvpO0dAIxAJru
DIV9OmXMlnjg82FlZOoWcxANzagRY+jlwalRV104o1zo359+OdNg+Mk/KOJMQg==
-----END CERTIFICATE-----
 1 s:C=US, O=Let's Encrypt, CN=E5
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----
---
Server certificate
subject=CN=tobacco.org
issuer=C=US, O=Let's Encrypt, CN=E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2384 bytes and written 526 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 29BA094F925DC4B29F8C3E598A7579268757B8C17B8455150E5A9480DFADB1D1
    Session-ID-ctx: 
    Resumption PSK: 3CFD0AF4789EE2FB9F1E7F805D619CB75F0769E532C04FC927B925BB7832CBDE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - b7 d1 e5 dc 2d 56 27 47-07 c8 77 4e d4 3f 0f 3a   ....-V'G..wN.?.:
    0010 - a2 92 19 18 ff c7 7c 1b-30 2d 46 46 04 35 21 fa   ......|.0-FF.5!.
    0020 - 98 6f 5c 62 ad 03 c4 9c-57 3c 2f c4 99 44 a4 ee   .o\b....W</..D..
    0030 - 3a 95 eb 6f 07 a0 ea a8-b0 4d ab 15 32 b6 36 16   :..o.....M..2.6.
    0040 - 30 af 9a 5b 24 12 a2 73-e1 db 8a 2c bf 19 2d 7b   0..[$..s...,..-{
    0050 - 86 84 7a 83 8b c0 ad b9-dd bc d9 3e 5f 09 a6 45   ..z........>_..E
    0060 - f4 4f 2d bb e4 ea 48 1f-8e                        .O-...H..

    Start Time: 1730601675
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

---------- READABLE FORMAT ----------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5c:64:29:32:26:a6:a1:30:58:54:26:5c:89:06:e4:d5:79
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E5
        Validity
            Not Before: Jun  9 04:02:42 2024 GMT
            Not After : Sep  7 04:02:41 2024 GMT
        Subject: CN=tobacco.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a6:71:43:5a:38:fd:c7:b7:1c:b1:f2:14:83:4e:
                    12:3d:9d:c1:ce:57:99:1a:78:35:63:63:a0:f5:1c:
                    8c:ee:1c:b0:2f:bf:3d:66:8e:53:6d:68:2d:1a:c3:
                    88:aa:1a:ea:66:78:77:39:72:68:b0:4d:b9:64:06:
                    3e:a5:c3:a9:fe
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                CA:F8:49:74:C2:FC:F6:48:8C:C1:DF:5E:0B:5F:55:F8:85:80:E5:B8
            X509v3 Authority Key Identifier: 
                9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D
            Authority Information Access: 
                OCSP - URI:http://e5.o.lencr.org
                CA Issuers - URI:http://e5.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:tobacco.org, DNS:www.tobacco.org
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Jun  9 05:02:42.675 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C0:A1:43:2D:3D:80:B6:3B:05:0D:3F:
                                DF:04:E4:41:23:9A:9C:10:9E:9D:87:B4:CB:8D:78:F5:
                                35:FE:04:53:1F:02:21:00:E2:4C:FC:AC:71:85:50:E6:
                                C3:E3:78:4F:8D:D2:E2:96:65:66:43:98:D7:85:C2:9C:
                                FB:EF:98:AD:AA:81:ED:2D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Jun  9 05:02:42.750 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:E3:3A:3B:47:68:14:18:7E:94:C3:E0:
                                CA:B7:DC:47:FA:25:44:09:1F:87:F1:8D:BD:03:21:9B:
                                35:F7:3F:79:69:02:21:00:94:EE:64:54:40:57:6B:6B:
                                04:AB:8A:48:49:A1:81:89:80:C9:02:D4:4B:08:01:C5:
                                AF:E3:00:41:28:FB:3F:7E
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:30:5f:14:64:37:b4:73:c1:6e:d5:cf:bb:69:18:81:
        c1:03:b5:67:02:88:b6:3a:bf:cc:49:15:50:5e:57:bd:ac:69:
        1e:be:4f:43:cc:f3:78:30:3f:c3:8c:c9:be:93:b4:74:02:31:
        00:9a:ee:0c:85:7d:3a:65:cc:96:78:e0:f3:61:65:64:ea:16:
        73:10:0d:cd:a8:11:63:e8:e5:c1:a9:51:57:5d:38:a3:5c:e8:
        df:9f:7e:39:d3:60:f8:c9:3f:28:e2:4c:42
