diff --git a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
index d622f7466..b68a66d63 100644
--- a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
+++ b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
@@ -40,7 +40,7 @@ func NewCommonNameMailboxValidated() lint.LintInterface {
 }
 
 func (l *commonNameMailboxValidated) CheckApplies(c *x509.Certificate) bool {
-	return util.IsMailboxValidatedCertificate(c)
+	return util.IsMailboxValidatedCertificate(c) && util.IsSubscriberCert(c)
 }
 
 func (l *commonNameMailboxValidated) Execute(c *x509.Certificate) *lint.LintResult {
diff --git a/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go b/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
index 3fe809bb4..4ab576d37 100644
--- a/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
+++ b/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
@@ -64,23 +64,14 @@ func (l *revokedCertificates) Execute(c *x509.RevocationList) *lint.LintResult {
 	// or confirmed to be missing from the ASN.1 data structure.
 	input := cryptobyte.String(c.Raw)
 
-	// From crypto/x509/parser.go: we read the SEQUENCE including length and tag
-	// bytes so that we can populate RevocationList.Raw, before unwrapping the
-	// SEQUENCE so it can be operated on
-	if !input.ReadASN1Element(&input, cryptobyte_asn1.SEQUENCE) {
-		return &lint.LintResult{Status: lint.Fatal, Details: "malformed CRL"}
-	}
+	// Extract the CertificateList
 	if !input.ReadASN1(&input, cryptobyte_asn1.SEQUENCE) {
 		return &lint.LintResult{Status: lint.Fatal, Details: "malformed CRL"}
 	}
 
 	var tbs cryptobyte.String
-	// From crypto/x509/parser.go: do the same trick again as above to extract
-	// the raw bytes for Certificate.RawTBSCertificate
-	if !input.ReadASN1Element(&tbs, cryptobyte_asn1.SEQUENCE) {
-		return &lint.LintResult{Status: lint.Fatal, Details: "malformed TBS CRL"}
-	}
-	if !tbs.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
+	// Extract the TBSCertList from the CertificateList
+	if !input.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
 		return &lint.LintResult{Status: lint.Fatal, Details: "malformed TBS CRL"}
 	}
 
diff --git a/v3/util/gtld_map.go b/v3/util/gtld_map.go
index 0dc054549..42be89385 100644
--- a/v3/util/gtld_map.go
+++ b/v3/util/gtld_map.go
@@ -4416,7 +4416,7 @@ var tldMap = map[string]GTLDPeriod{
 	"natura": {
 		GTLD:           "natura",
 		DelegationDate: "2016-02-11",
-		RemovalDate:    "",
+		RemovalDate:    "2024-06-12",
 	},
 	"navy": {
 		GTLD:           "navy",