diff --git a/v3/lints/rfc/lint_subject_dn_not_printable_characters.go b/v3/lints/rfc/lint_subject_dn_not_printable_characters.go
index d3a04187e..6d151ddd4 100644
--- a/v3/lints/rfc/lint_subject_dn_not_printable_characters.go
+++ b/v3/lints/rfc/lint_subject_dn_not_printable_characters.go
@@ -15,8 +15,6 @@
 package rfc
 
 import (
-	"unicode/utf8"
-
 	"github.com/zmap/zcrypto/encoding/asn1"
 	"github.com/zmap/zcrypto/x509"
 	"github.com/zmap/zlint/v3/lint"
@@ -59,15 +57,20 @@ func (l *subjectDNNotPrintableCharacters) Execute(c *x509.Certificate) *lint.Lin
 	for _, attrTypeAndValueSet := range rdnSequence {
 		for _, attrTypeAndValue := range attrTypeAndValueSet {
 			bytes := attrTypeAndValue.Value.Bytes
-			for len(bytes) > 0 {
-				r, size := utf8.DecodeRune(bytes)
+			var runes []rune
+			if attrTypeAndValue.Value.Tag == tagBMPString {
+				runestr, _ := util.ParseBMPString(bytes)
+				runes = []rune(runestr)
+			} else {
+				runes = []rune(string(bytes))
+			}
+			for _, r := range runes {
 				if r < 0x20 {
 					return &lint.LintResult{Status: lint.Error}
 				}
 				if r >= 0x7F && r <= 0x9F {
 					return &lint.LintResult{Status: lint.Error}
 				}
-				bytes = bytes[size:]
 			}
 		}
 	}