g.ssl.fastly.net

- Fastly, Inc. -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 44:5d:e2:ec:43:92:6e:54:24:e2:d7:2a was issued on by GlobalSign nv-sa.

With 53 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Fastly, Inc.

Organization: Fastly, Inc.
State / Province: California
Locality: San Francisco
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 44:5d:e2:ec:43:92:6e:54:24:e2:d7:2a
Serial Number (int): 21158482382201430576621344554
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: b3:57:b7:fa:1a:7f:6e:4f:23:9d:70:c6:a6:ab:4c:1e:47:0e:8b:00
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): 68:8e:ff:c7:8d:06:0c:94:9f:17:00:ad:bd:e0:5a:71:41:96:eb:1f
Fingerprint (sha256): 1e:1a:63:a5:16:a0:8f:eb:62:c4:55:73:8f:5e:e4:fe:15:ea:6a:d7:05:d2:ea:5b:36:82:e7:cf:08:ce:f7:52

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate g.ssl.fastly.net

53

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for g.ssl.fastly.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

g.ssl.fastly.net
*.api.iheart.com
*.docs.secretcdn-stg.net
*.statuspage.io
alienwarearena.com
*.alienwarearena.com
api.garage.me
avvo.com
*.avvo.com
cdn.briteverify.com
cdn.listenloop.com
cdn.wistia.com
chef.io
*.chef.io
client.appletv.cnn.com
depop.com
*.depop.com
dev.client.appletv.cnn.com
docs.secretcdn-stg.net
dosomething.org
*.dosomething.org
fastly.cedexis-test.com
frontgatetickets.com
*.frontgatetickets.com
gazelle.com
*.gazelle.com
getchef.com
*.getchef.com
hdmtools.com
*.hdmtools.com
ibmserviceengage.com
iheart.com
*.iheart.com
opensesame.com
*.opensesame.com
opscode.com
*.opscode.com
pentos-cdn.polarmobile.com
pentos-cdn.staging.polarmobile.com
playboy.com
*.playboy.com
rubytogether.org
*.rubytogether.org
status.authorize.net
statuspage.io
tag.marinsm.com
tripping.com
*.tripping.com
wohlers.org
*.wohlers.org
www.rackspacestatus.com
www.teachingenglish.org.uk
www.thetelecomshop.com

Other certificates including the domain name fastly.net

(limited to 100 certificates)
f4.shared.global.fastly.net
f6.shared.global.fastly.net
h2.shared.global.fastly.net
y2.shared.global.fastly.net
g3.shared.global.fastly.net
i3.shared.global.fastly.net
e2.shared.global.fastly.net
m2.shared.global.fastly.net
u.sni-741-default.ssl.fastly.net
u2.shared.global.fastly.net
i2.shared.global.fastly.net
n2.shared.global.fastly.net
e.ssl.fastly.net
w2.shared.global.fastly.net
*.a.heroku.ssl.fastly.net
o2.shared.global.fastly.net
k3.shared.global.fastly.net
o.ssl.fastly.net
b3.shared.global.fastly.net
*.a.heroku.ssl.fastly.net
o.ssl.fastly.net
v2.shared.global.fastly.net
c3.shared.global.fastly.net
w2.shared.global.fastly.net
customer-test.ssl.fastly.net
prospective.shared.global.fastly.net
j3.shared.global.fastly.net
k2.shared.global.fastly.net
p2.shared.global.fastly.net
a2.ssl.fastly.net
l3.shared.global.fastly.net
o2.shared.global.fastly.net
h2.shared.global.fastly.net
v.ssl.fastly.net
a3.shared.global.fastly.net
customer-test.ssl.fastly.net
w2.shared.global.fastly.net
g3.shared.global.fastly.net
k3.shared.global.fastly.net
t2.shared.global.fastly.net
prospective.shared.global.fastly.net
i3.shared.global.fastly.net
dns-vetting1j.map.fastly.net
t2.shared.global.fastly.net
p2.shared.global.fastly.net
w2.shared.global.fastly.net
n2.shared.global.fastly.net
t2.shared.global.fastly.net
o2.shared.global.fastly.net
v.ssl.fastly.net
e2.shared.global.fastly.net
w2.shared.global.fastly.net
b3.shared.global.fastly.net
t.ssl.fastly.net
f.ssl.fastly.net
l3.shared.global.fastly.net
c3.shared.global.fastly.net
r.ssl.fastly.net
g3.shared.global.fastly.net
n2.shared.global.fastly.net
l3.shared.global.fastly.net
v2.shared.global.fastly.net
d2.shared.global.fastly.net
j3.shared.global.fastly.net
l3.shared.global.fastly.net
g2.shared.global.fastly.net
e2.shared.global.fastly.net
n2.shared.global.fastly.net
e2.shared.global.fastly.net
k2.shared.global.fastly.net
h2.shared.global.fastly.net
t2.shared.global.fastly.net
p.ssl.fastly.net
a2.ssl.fastly.net
j3.shared.global.fastly.net
k.ssl.fastly.net
i2.shared.global.fastly.net
customer-test.ssl.fastly.net
n2.shared.global.fastly.net
prospective2.shared.global.fastly.net
w2.shared.global.fastly.net
h2.shared.global.fastly.net
u2.shared.global.fastly.net
w2.shared.global.fastly.net
d2.shared.global.fastly.net
b3.shared.global.fastly.net
n.ssl.fastly.net
l.ssl.fastly.net
prospective.shared.global.fastly.net
g2.shared.global.fastly.net
v.ssl.fastly.net
d3.shared.global.fastly.net
a3.shared.global.fastly.net
z.ssl.fastly.net
l2.shared.global.fastly.net
e2.shared.global.fastly.net
h3.shared.global.fastly.net
b2.shared.global.fastly.net
v2.shared.global.fastly.net
c3.shared.global.fastly.net

Certificate

The complete raw certificate details for g.ssl.fastly.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIK5TCCCc2gAwIBAgIMRF3i7EOSblQk4tcqMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcxMjE5MjE1NDA5WhcNMTgxMjE5MjAwMjAwWjBsMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEV
MBMGA1UECgwMRmFzdGx5LCBJbmMuMRkwFwYDVQQDDBBnLnNzbC5mYXN0bHkubmV0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzm1YCVR6VALnnhK9KkVt
UyXEVZiNnYYWSi9Edgfw0dFlaOI4tLEosIVg7u+UYNi5fu8ZUcl8fIKQWCvNfJn1
DAnnGSeau1IMoetSOloWX040cxaHEFgA0ZO/sk8ddei/tE9AVLyIrFqNugq6Yz3B
cwHxmBzshxwkKkxMnCPPqSQUfJrEMIOWbtQSHIjfhUWcJuBGqZs84eg8XlD5Vd8e
7OqSbD3iwcKgVa0I3D38Db2gPId5tjAVaoD7uOpYV7JXfLgnKDEcHRIW+xkkC40m
Cg0QSvOV1ejOG3MM1ji829GBNGusL0prlfYSyZRDvyLICzdhp3ILoc96GHtHEdea
XQIDAQABo4IHizCCB4cwDgYDVR0PAQH/BAQDAgWgMIGgBggrBgEFBQcBAQSBkzCB
kDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNl
cnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0
dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXphdGlvbnZhbHNoYTJn
MjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0T
BAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29t
L2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDCCA8oGA1UdEQSCA8EwggO9
ghBnLnNzbC5mYXN0bHkubmV0ghAqLmFwaS5paGVhcnQuY29tghgqLmRvY3Muc2Vj
cmV0Y2RuLXN0Zy5uZXSCDyouc3RhdHVzcGFnZS5pb4ISYWxpZW53YXJlYXJlbmEu
Y29tghQqLmFsaWVud2FyZWFyZW5hLmNvbYINYXBpLmdhcmFnZS5tZYIIYXZ2by5j
b22CCiouYXZ2by5jb22CE2Nkbi5icml0ZXZlcmlmeS5jb22CEmNkbi5saXN0ZW5s
b29wLmNvbYIOY2RuLndpc3RpYS5jb22CB2NoZWYuaW+CCSouY2hlZi5pb4IWY2xp
ZW50LmFwcGxldHYuY25uLmNvbYIJZGVwb3AuY29tggsqLmRlcG9wLmNvbYIaZGV2
LmNsaWVudC5hcHBsZXR2LmNubi5jb22CFmRvY3Muc2VjcmV0Y2RuLXN0Zy5uZXSC
D2Rvc29tZXRoaW5nLm9yZ4IRKi5kb3NvbWV0aGluZy5vcmeCF2Zhc3RseS5jZWRl
eGlzLXRlc3QuY29tghRmcm9udGdhdGV0aWNrZXRzLmNvbYIWKi5mcm9udGdhdGV0
aWNrZXRzLmNvbYILZ2F6ZWxsZS5jb22CDSouZ2F6ZWxsZS5jb22CC2dldGNoZWYu
Y29tgg0qLmdldGNoZWYuY29tggxoZG10b29scy5jb22CDiouaGRtdG9vbHMuY29t
ghRpYm1zZXJ2aWNlZW5nYWdlLmNvbYIKaWhlYXJ0LmNvbYIMKi5paGVhcnQuY29t
gg5vcGVuc2VzYW1lLmNvbYIQKi5vcGVuc2VzYW1lLmNvbYILb3BzY29kZS5jb22C
DSoub3BzY29kZS5jb22CGnBlbnRvcy1jZG4ucG9sYXJtb2JpbGUuY29tgiJwZW50
b3MtY2RuLnN0YWdpbmcucG9sYXJtb2JpbGUuY29tggtwbGF5Ym95LmNvbYINKi5w
bGF5Ym95LmNvbYIQcnVieXRvZ2V0aGVyLm9yZ4ISKi5ydWJ5dG9nZXRoZXIub3Jn
ghRzdGF0dXMuYXV0aG9yaXplLm5ldIINc3RhdHVzcGFnZS5pb4IPdGFnLm1hcmlu
c20uY29tggx0cmlwcGluZy5jb22CDioudHJpcHBpbmcuY29tggt3b2hsZXJzLm9y
Z4INKi53b2hsZXJzLm9yZ4IXd3d3LnJhY2tzcGFjZXN0YXR1cy5jb22CGnd3dy50
ZWFjaGluZ2VuZ2xpc2gub3JnLnVrghZ3d3cudGhldGVsZWNvbXNob3AuY29tMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUs1e3+hp/bk8j
nXDGpqtMHkcOiwAwHwYDVR0jBBgwFoAUlt5h8b0cFilTHMDMfTuDAEDmGnwwggH1
BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyI
jT0RxM227L7MAAABYHDFDuQAAAQDAEcwRQIhAOEcP0eERwGRDu6jd5xjvuf2LW8C
8BkCuf+nENP1dCasAiAKL5uPgHcHfDZ8SxBaD2H5mBwO8WTjWf9yljZvPwxEHQB2
AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABYHDFDxEAAAQDAEcw
RQIgblUbcHYeplKZ5jTLblXaqkMYZWn6NWveJ0z1DpZFWDECIQDM+oiGKmCw/Zj5
o7lYAWM8ll8eRdKxI2J4nXmAlHjRwQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+Rvf
uON3zQ7IDdwQAAABYHDFEYgAAAQDAEcwRQIgTiTcV9mZwCL+YMDDWa0RZbQOK4x7
/t4nLoxk2WF74QMCIQDMDNJpiXCWXqmyW5ejWK6VOULUm8Ag5YBkkM6B5wPCdwB1
AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABYHDFFIgAAAQDAEYw
RAIgQJX1XolCk6V8T6MkX31KhX7BH5G5oG7aXGT8yxeMiuECIGosQM24/xITTIOO
/YTFFkciOTHIbUhrpnhPauBxWi0UMA0GCSqGSIb3DQEBCwUAA4IBAQBUuq7vIVJq
8XOObJb9cklXEIY69ziLPMxbP/7Erq3X+x/HoE0oe8thi5Y0kj1syV89ij3jy8O3
sHXxW6auopKd45zidNXZIVE09Ck8vz1rnxYedWvquw9CWTRAU+D+UVGQa+dn50Ij
6N5UMTnNr2mkXYwC0LsHM3HctrsKYwWT6K/pnsVKCw8LwvEupbCvfWvGsnR/JuQe
sLdFqsOXsvN0Nzx9QARLjpl+/RPTni4zYqnjP37+9z2fzDP+wR6SLuDdxjjuCByo
iKfIqsyuqQcYzWJnC4E2E8WlK4i79gYwqreyvhkijocR7sNIYuGiR12Csmdtc6gn
4OplUwIQrRVt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzm1YCVR6VALnnhK9KkVt
UyXEVZiNnYYWSi9Edgfw0dFlaOI4tLEosIVg7u+UYNi5fu8ZUcl8fIKQWCvNfJn1
DAnnGSeau1IMoetSOloWX040cxaHEFgA0ZO/sk8ddei/tE9AVLyIrFqNugq6Yz3B
cwHxmBzshxwkKkxMnCPPqSQUfJrEMIOWbtQSHIjfhUWcJuBGqZs84eg8XlD5Vd8e
7OqSbD3iwcKgVa0I3D38Db2gPId5tjAVaoD7uOpYV7JXfLgnKDEcHRIW+xkkC40m
Cg0QSvOV1ejOG3MM1ji829GBNGusL0prlfYSyZRDvyLICzdhp3ILoc96GHtHEdea
XQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 21158482382201430576621344554
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-19 21:54:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-19 20:02:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'San Francisco'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Fastly, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'g.ssl.fastly.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26059010305939598323585374452153629599536302641272884367045869736269822215694091627486277785951135425936951303777257854078836090157537424064179052251015827819628071723110340733048151948739885052340595268703285856412755808553499688684928872234491680229946691510531331672751040190288728022811485410420981306003395214762699336476004281603055326882110316808727328027409192706831492388267396175623183009956041239255604961323032390722366787747927911746937434845200552693001121641641609156202853242750292014199689691022100330865687987576459906563265267167330940022236527521083761500736765250951548366374261963538484853971549
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (961 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.ssl.fastly.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.api.iheart.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.docs.secretcdn-stg.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.statuspage.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alienwarearena.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.alienwarearena.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.garage.me'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avvo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.avvo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.briteverify.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.listenloop.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.wistia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'chef.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.chef.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'client.appletv.cnn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'depop.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.depop.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.client.appletv.cnn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'docs.secretcdn-stg.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dosomething.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dosomething.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fastly.cedexis-test.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'frontgatetickets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.frontgatetickets.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gazelle.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gazelle.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'getchef.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.getchef.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hdmtools.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hdmtools.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ibmserviceengage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iheart.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.iheart.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'opensesame.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.opensesame.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'opscode.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.opscode.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pentos-cdn.polarmobile.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pentos-cdn.staging.polarmobile.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'playboy.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.playboy.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rubytogether.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rubytogether.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'status.authorize.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'statuspage.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tag.marinsm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tripping.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tripping.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wohlers.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wohlers.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rackspacestatus.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.teachingenglish.org.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.thetelecomshop.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b357b7fa1a7f6e4f239d70c6a6ab4c1e470e8b00
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000016070c50ee40000040300473045022100e11c3f47844701910eeea3779c63bee7f62d6f02f01902b9ffa710d3f57426ac02200a2f9b8f8077077c367c4b105a0f61f9981c0ef164e359ff7296366f3f0c441d0076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016070c50f11000004030047304502206e551b70761ea65299e634cb6e55daaa43186569fa356bde274cf50e96455831022100ccfa88862a60b0fd98f9a3b95801633c965f1e45d2b12362789d79809478d1c1007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016070c51188000004030047304502204e24dc57d999c022fe60c0c359ad1165b40e2b8c7bfede272e8c64d9617be103022100cc0cd2698970965ea9b25b97a358ae953942d49bc020e5806490ce81e703c277007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016070c51488000004030046304402204095f55e894293a57c4fa3245f7d4a857ec11f91b9a06eda5c64fccb178c8ae102206a2c40cdb8ff12134c838efd84c51647223931c86d486ba6784f6ae0715a2d14
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0054baaeef21526af1738e6c96fd72495710863af7388b3ccc5b3ffec4aeadd7fb1fc7a04d287bcb618b9634923d6cc95f3d8a3de3cbc3b7b075f15ba6aea2929de39ce274d5d9215134f4293cbf3d6b9f161e756beabb0f4259344053e0fe5151906be767e74223e8de543139cdaf69a45d8c02d0bb073371dcb6bb0a630593e8afe99ec54a0b0f0bc2f12ea5b0af7d6bc6b2747f26e41eb0b745aac397b2f374373c7d40044b8e997efd13d39e2e3362a9e33f7efef73d9fcc33fec11e922ee0ddc638ee081ca888a7c8aaccaea90718cd62670b813613c5a52b88bbf60630aab7b2be19228e8711eec34862e1a2475d82b2676d73a827e0ea65530210ad156d