san1.klmonline.com
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:c1:e9:15:82:7d:73:71:ab:be:80:1f:01:ba:a9:26:c0:b3 was issued on by Let's Encrypt.
With 65 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=san1.klmonline.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:c1:e9:15:82:7d:73:71:ab:be:80:1f:01:ba:a9:26:c0:b3Serial Number (int): 327321176418926275002855834420109730300083
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 3c:c9:1f:74:40:37:42:ae:cf:2b:2c:2c:d6:b0:e1:1f:43:15:c8:f1
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 33:db:50:eb:70:d4:91:c5:67:d8:5a:99:e3:99:a4:fc:85:67:e9:49
Fingerprint (sha256): 03:fd:3d:ae:65:6c:f2:e5:03:04:87:7f:cb:31:ec:20:c2:f1:aa:fd:15:21:3c:c5:04:d3:5c:37:58:18:82:7c
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate san1.klmonline.com
65
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for san1.klmonline.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
amsterdam-cms.klm.com
amsterdam.klm.com
api.campaigndesigner2.klm.com
bannerspace.klm.com
blog-origin.klm.com
blog.klm.com
brand.klm.com
bumblebee.klm.com
campaigndesigner.klm.com
campaigndesigner2.klm.com
campaigns-origin.klm.com
experience.klm.com
farefeed.klm.com
fightblue.klm.com
flightbundlebusiness.klm.com
flyresponsibly.klm.com
gamification.klm.com
groepen.klm.com
jcc.klm.com
jijenklm.nl
klmholidays.be
klmholidays.lu
klmholidays.nl
librodereclamaciones.klm.com
livedeals.klm.com
livedeals.klm.nl
livestreammachine.klm.com
lwcdn.klm.com
neverdone-origin.klm.com
offers.klm.com
ondernemen.klm.com
paapi.klm.com
packagedeals.klm.com
passport-cms.klm.com
passport.klm.com
paymentpa.klm.com
photocompetition.klm.com
play-cms.klm.com
play-origin.klm.com
previews.campaigndesigner2.klm.com
pricealerts.klm.com
promotions.klm.com
promotions2.klm.com
quoidenouveau.flyingblue.com
reasons.klm.com
running.klm.com
san1.klmonline.com
schiphol-service.klm.com
social-origin.klmonline.com
socialpayments.klm.com
socialtv.klm.com
surf.klm.com
sustainability.klm.com
take-me-there.klm.com
travelforcities.klm.com
travelforfood.klm.com
travelforsurf-origin.klm.com
wannagives.klm.com
wbc.klm.com
wecare.klm.com
weetenwin-cms.klm.com
weetenwin.klm.com
werelddealwekker.klm.com
winwith.klm.com
www.jijenklm.nl
amsterdam.klm.com
api.campaigndesigner2.klm.com
bannerspace.klm.com
blog-origin.klm.com
blog.klm.com
brand.klm.com
bumblebee.klm.com
campaigndesigner.klm.com
campaigndesigner2.klm.com
campaigns-origin.klm.com
experience.klm.com
farefeed.klm.com
fightblue.klm.com
flightbundlebusiness.klm.com
flyresponsibly.klm.com
gamification.klm.com
groepen.klm.com
jcc.klm.com
jijenklm.nl
klmholidays.be
klmholidays.lu
klmholidays.nl
librodereclamaciones.klm.com
livedeals.klm.com
livedeals.klm.nl
livestreammachine.klm.com
lwcdn.klm.com
neverdone-origin.klm.com
offers.klm.com
ondernemen.klm.com
paapi.klm.com
packagedeals.klm.com
passport-cms.klm.com
passport.klm.com
paymentpa.klm.com
photocompetition.klm.com
play-cms.klm.com
play-origin.klm.com
previews.campaigndesigner2.klm.com
pricealerts.klm.com
promotions.klm.com
promotions2.klm.com
quoidenouveau.flyingblue.com
reasons.klm.com
running.klm.com
san1.klmonline.com
schiphol-service.klm.com
social-origin.klmonline.com
socialpayments.klm.com
socialtv.klm.com
surf.klm.com
sustainability.klm.com
take-me-there.klm.com
travelforcities.klm.com
travelforfood.klm.com
travelforsurf-origin.klm.com
wannagives.klm.com
wbc.klm.com
wecare.klm.com
weetenwin-cms.klm.com
weetenwin.klm.com
werelddealwekker.klm.com
winwith.klm.com
www.jijenklm.nl
Other certificates including the domain name klmonline.com
(limited to 100 certificates)
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
Certificate
The complete raw certificate details for san1.klmonline.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIKpjCCCY6gAwIBAgISA8HpFYJ9c3GrvoAfAbqpJsCzMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MTAwNTU5MDVaFw0y MDA3MDkwNTU5MDVaMB0xGzAZBgNVBAMTEnNhbjEua2xtb25saW5lLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALscTHQ5XgrFk3h7/+rVG2mU8Oby EoU6v8xdGEWbO3bar7B4nqWUidskTGGkS9j4NrqwLNs1IuqTpt/CsZw314ZIXHcb qzEkGNOEtH27NeZ4yHO2OtYnR4NeO4kacHBZBuCe08qe0RUgZyFrHhOyYsbbV4W0 A+8Pa+bCjHo2gCOZvWQFIBdaVBCDdRCLb+851DNwxgyP6WVNSEMG1T28ifiRuFUp XQjy1XVL9tAhC9CtsSOYcgUCMwwLOAvH0Ee0wHh5QrOyu65pE6omBn4qJ1YfN8/h q6tT0KhmWLfwyC/bW8sj0FmkgQu8iTS3H5I+OdDHNbLEUW02LP8KOb7iNVECAwEA AaOCB7EwggetMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPMkfdEA3Qq7PKyws1rDh H0MVyPEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5 cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5 cHQub3JnLzCCBWQGA1UdEQSCBVswggVXghVhbXN0ZXJkYW0tY21zLmtsbS5jb22C EWFtc3RlcmRhbS5rbG0uY29tgh1hcGkuY2FtcGFpZ25kZXNpZ25lcjIua2xtLmNv bYITYmFubmVyc3BhY2Uua2xtLmNvbYITYmxvZy1vcmlnaW4ua2xtLmNvbYIMYmxv Zy5rbG0uY29tgg1icmFuZC5rbG0uY29tghFidW1ibGViZWUua2xtLmNvbYIYY2Ft cGFpZ25kZXNpZ25lci5rbG0uY29tghljYW1wYWlnbmRlc2lnbmVyMi5rbG0uY29t ghhjYW1wYWlnbnMtb3JpZ2luLmtsbS5jb22CEmV4cGVyaWVuY2Uua2xtLmNvbYIQ ZmFyZWZlZWQua2xtLmNvbYIRZmlnaHRibHVlLmtsbS5jb22CHGZsaWdodGJ1bmRs ZWJ1c2luZXNzLmtsbS5jb22CFmZseXJlc3BvbnNpYmx5LmtsbS5jb22CFGdhbWlm aWNhdGlvbi5rbG0uY29tgg9ncm9lcGVuLmtsbS5jb22CC2pjYy5rbG0uY29tggtq aWplbmtsbS5ubIIOa2xtaG9saWRheXMuYmWCDmtsbWhvbGlkYXlzLmx1gg5rbG1o b2xpZGF5cy5ubIIcbGlicm9kZXJlY2xhbWFjaW9uZXMua2xtLmNvbYIRbGl2ZWRl YWxzLmtsbS5jb22CEGxpdmVkZWFscy5rbG0ubmyCGWxpdmVzdHJlYW1tYWNoaW5l LmtsbS5jb22CDWx3Y2RuLmtsbS5jb22CGG5ldmVyZG9uZS1vcmlnaW4ua2xtLmNv bYIOb2ZmZXJzLmtsbS5jb22CEm9uZGVybmVtZW4ua2xtLmNvbYINcGFhcGkua2xt LmNvbYIUcGFja2FnZWRlYWxzLmtsbS5jb22CFHBhc3Nwb3J0LWNtcy5rbG0uY29t ghBwYXNzcG9ydC5rbG0uY29tghFwYXltZW50cGEua2xtLmNvbYIYcGhvdG9jb21w ZXRpdGlvbi5rbG0uY29tghBwbGF5LWNtcy5rbG0uY29tghNwbGF5LW9yaWdpbi5r bG0uY29tgiJwcmV2aWV3cy5jYW1wYWlnbmRlc2lnbmVyMi5rbG0uY29tghNwcmlj ZWFsZXJ0cy5rbG0uY29tghJwcm9tb3Rpb25zLmtsbS5jb22CE3Byb21vdGlvbnMy LmtsbS5jb22CHHF1b2lkZW5vdXZlYXUuZmx5aW5nYmx1ZS5jb22CD3JlYXNvbnMu a2xtLmNvbYIPcnVubmluZy5rbG0uY29tghJzYW4xLmtsbW9ubGluZS5jb22CGHNj aGlwaG9sLXNlcnZpY2Uua2xtLmNvbYIbc29jaWFsLW9yaWdpbi5rbG1vbmxpbmUu Y29tghZzb2NpYWxwYXltZW50cy5rbG0uY29tghBzb2NpYWx0di5rbG0uY29tggxz dXJmLmtsbS5jb22CFnN1c3RhaW5hYmlsaXR5LmtsbS5jb22CFXRha2UtbWUtdGhl cmUua2xtLmNvbYIXdHJhdmVsZm9yY2l0aWVzLmtsbS5jb22CFXRyYXZlbGZvcmZv b2Qua2xtLmNvbYIcdHJhdmVsZm9yc3VyZi1vcmlnaW4ua2xtLmNvbYISd2FubmFn aXZlcy5rbG0uY29tggt3YmMua2xtLmNvbYIOd2VjYXJlLmtsbS5jb22CFXdlZXRl bndpbi1jbXMua2xtLmNvbYIRd2VldGVud2luLmtsbS5jb22CGHdlcmVsZGRlYWx3 ZWtrZXIua2xtLmNvbYIPd2lud2l0aC5rbG0uY29tgg93d3cuamlqZW5rbG0ubmww TAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcC ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2 BIHzAPEAdgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXFi4ok7 AAAEAwBHMEUCIQD0U90USNyhd95uqBGqwEiUUjl7XZE7XUbsQ2A+u2nhuwIgchaq pgl+QV/AasNauz3Ap0rZJ7xJehZdQseYzNPGZY4AdwBvU3asMfAxGdiZAKRRFf93 FRwR2QLBACkGjbIImjfZEwAAAXFi4olcAAAEAwBIMEYCIQDJ2m+QPDvZMPzNQsaY ZLboz+KI7l3FVcICNhfhSAD8IQIhAM+6sGTofwGLg5g4fKgz1zC+bAi/B+X/cAla X8wZyjewMA0GCSqGSIb3DQEBCwUAA4IBAQAP8dphuDsH4b8zW40dZYmeIkwf+nqm DjcZuXuTxun+zigN0FQ3r2b8cqNv87d+/dl6fq7GxMiJC6mxyv8l/VDczJFmiTxZ 5wdK4Ol6Cw+Z+FT/Z2opJ08Py0pHF33M+iAhbjX91LsrBMSMQTZ1wbyWaMLpLHTY 6BddW0SJptqb3zX6Mt9w+nKELkST2WkWNtqINHhbylxsm1VZ5zoUQw2Z8K3seio0 xM4hBeAByuxz7oGdYlDEVXDRj9RjjxzPoj0xgXb4wU/hdKndAD1ZajJvN4eObSEo N5Ca1P7yDZylIDn/QI8Kufk+XCGuPkLHLERrjnece08TAQNLE+7VvjWV -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxxMdDleCsWTeHv/6tUb aZTw5vIShTq/zF0YRZs7dtqvsHiepZSJ2yRMYaRL2Pg2urAs2zUi6pOm38KxnDfX hkhcdxurMSQY04S0fbs15njIc7Y61idHg147iRpwcFkG4J7Typ7RFSBnIWseE7Ji xttXhbQD7w9r5sKMejaAI5m9ZAUgF1pUEIN1EItv7znUM3DGDI/pZU1IQwbVPbyJ +JG4VSldCPLVdUv20CEL0K2xI5hyBQIzDAs4C8fQR7TAeHlCs7K7rmkTqiYGfion Vh83z+Grq1PQqGZYt/DIL9tbyyPQWaSBC7yJNLcfkj450Mc1ssRRbTYs/wo5vuI1 UQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 327321176418926275002855834420109730300083 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-10 05:59:05 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-09 05:59:05 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'san1.klmonline.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23620517612292634676070428618058863575729841764362392378162794849894873847495732710760218919824377455820925405442671512002582510879860238391944221617227388037269844197126922792330202696952347645080526148335953588516419477659965933007573790496688672404135917544506181963984441431401143613521610911527734274988454953541706068788645864581713244230651875761912572497256470556562401039147979390047439050958340678569669551420665371135637869253109886257645076836516891945520424110982869392750498462904319524436903681818626109261349767491009582988878719580825509280591662541836158780778156221043178480398761778999500472464721 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3cc91f74403742aecf2b2c2cd6b0e11f4315c8f1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1371 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.campaigndesigner2.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bannerspace.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brand.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bumblebee.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner2.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigns-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'experience.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'farefeed.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fightblue.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flightbundlebusiness.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flyresponsibly.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gamification.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groepen.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jcc.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jijenklm.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'klmholidays.be' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'klmholidays.lu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'klmholidays.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'librodereclamaciones.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livestreammachine.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lwcdn.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'neverdone-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'offers.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ondernemen.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paapi.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'packagedeals.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paymentpa.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'photocompetition.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'previews.campaigndesigner2.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pricealerts.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promotions.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promotions2.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'quoidenouveau.flyingblue.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reasons.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'running.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'san1.klmonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'schiphol-service.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'social-origin.klmonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialpayments.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialtv.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'surf.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sustainability.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'take-me-there.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforcities.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforfood.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforsurf-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wannagives.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wbc.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wecare.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'werelddealwekker.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'winwith.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jijenklm.nl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e0000017162e2893b0000040300473045022100f453dd1448dca177de6ea811aac0489452397b5d913b5d46ec43603ebb69e1bb02207216aaa6097e415fc06ac35abb3dc0a74ad927bc497a165d42c798ccd3c6658e0077006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000017162e2895c0000040300483046022100c9da6f903c3bd930fccd42c69864b6e8cfe288ee5dc555c2023617e14800fc21022100cfbab064e87f018b8398387ca833d730be6c08bf07e5ff70095a5fcc19ca37b0 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000ff1da61b83b07e1bf335b8d1d65899e224c1ffa7aa60e3719b97b93c6e9fece280dd05437af66fc72a36ff3b77efdd97a7eaec6c4c8890ba9b1caff25fd50dccc9166893c59e7074ae0e97a0b0f99f854ff676a29274f0fcb4a47177dccfa20216e35fdd4bb2b04c48c413675c1bc9668c2e92c74d8e8175d5b4489a6da9bdf35fa32df70fa72842e4493d9691636da8834785bca5c6c9b5559e73a14430d99f0adec7a2a34c4ce2105e001caec73ee819d6250c45570d18fd4638f1ccfa23d318176f8c14fe174a9dd003d596a326f37878e6d212837909ad4fef20d9ca52039ff408f0ab9f93e5c21ae3e42c72c446b8e779c7b4f1301034b13eed5be3595