diff --git a/.gitignore b/.gitignore
index 5847e17..2f8fa1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -174,3 +174,4 @@ cython_debug/
 tuf-repo-cdn.sigstore.dev.json
 verifier/
 tinfoil/tinfoil_verifier/
+.DS_Store
\ No newline at end of file
diff --git a/example.py b/example.py
index c2cde01..a288cae 100644
--- a/example.py
+++ b/example.py
@@ -9,6 +9,6 @@
             "content": "What is Tinfoil?",
         }
     ],
-    model="llama3-3-70b",
+    model="llama-free",
 )
 print(chat_completion.choices[0].message.content)
diff --git a/pyproject.toml b/pyproject.toml
index 3121668..0682a33 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -8,7 +8,7 @@ packages = ["tinfoil", "tinfoil.attestation"]
 
 [project]
 name = "tinfoil"
-version = "0.10.0"
+version = "0.10.1"
 description = "Python client for Tinfoil"
 readme = "README.md"
 requires-python = ">=3.10"
diff --git a/src/tinfoil/attestation/verify.py b/src/tinfoil/attestation/verify.py
index 340baad..c7e8a5e 100644
--- a/src/tinfoil/attestation/verify.py
+++ b/src/tinfoil/attestation/verify.py
@@ -18,6 +18,8 @@
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec, utils
 from cryptography.x509.oid import ObjectIdentifier
+import warnings
+from cryptography.utils import CryptographyDeprecationWarning
 
 # Type alias for certificate extensions
 Extensions: TypeAlias = Dict[ObjectIdentifier, bytes]
@@ -112,7 +114,15 @@ def from_report(cls, report:Report) -> 'CertificateChain':
 
         # Parse the (cached or freshly‑downloaded) certificate
         try:
-            vcek = x509.load_der_x509_certificate(vcek_cert_data)
+            # cryptography 46+ emits a deprecation warning for non‑positive serial numbers.
+            # Suppress this specific deprecation warning locally when parsing VCEK DER.
+            with warnings.catch_warnings():
+                warnings.filterwarnings(
+                    "ignore",
+                    message=r"Parsed a serial number which wasn't positive",
+                    category=CryptographyDeprecationWarning,
+                )
+                vcek = x509.load_der_x509_certificate(vcek_cert_data)
         except Exception as e:
             # Corrupted cache?  Remove and propagate error so caller can retry.
             if os.path.exists(cache_path):
@@ -135,7 +145,14 @@ def _load_cert(filepath: str) -> x509.Certificate:
         if ext.lower() == '.pem':
             return x509.load_pem_x509_certificate(data)
         else:
-            return x509.load_der_x509_certificate(data)
+            # Suppress cryptography deprecation warnings for DER parsing as above.
+            with warnings.catch_warnings():
+                warnings.filterwarnings(
+                    "ignore",
+                    message=r"Parsed a serial number which wasn't positive",
+                    category=CryptographyDeprecationWarning,
+                )
+                return x509.load_der_x509_certificate(data)
         
     def verify_chain(self) -> bool:
         # Validate VCEK format