san1.klmonline.com

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 04:a3:d7:a9:75:59:b6:3e:61:5f:0e:c2:88:13:6c:a2:54:1a was issued on by Let's Encrypt.

With 70 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=san1.klmonline.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:a3:d7:a9:75:59:b6:3e:61:5f:0e:c2:88:13:6c:a2:54:1a
Serial Number (int): 404201833432566437205595518837956347581466
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 3c:c9:1f:74:40:37:42:ae:cf:2b:2c:2c:d6:b0:e1:1f:43:15:c8:f1
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 4a:6c:d6:ba:7a:08:db:8f:cb:37:d4:b3:3d:38:02:9a:a9:e3:e5:40
Fingerprint (sha256): 36:5c:a9:8e:b3:cb:4c:8f:37:09:f1:9c:43:d2:4d:55:1b:c5:de:f7:ea:7a:2a:46:8f:73:4b:64:f2:f4:88:df

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate san1.klmonline.com

70

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for san1.klmonline.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

amsterdam-cms.klm.com
amsterdam.klm.com
api.campaigndesigner2.klm.com
bannerspace.klm.com
blog-origin.klm.com
blog.klm.com
brand.klm.com
bumblebee.klm.com
campaigndesigner.klm.com
campaigndesigner2.klm.com
campaigns-origin.klm.com
crewnotifyapp-origin.klm.com
experience.klm.com
farefeed.klm.com
fightblue.klm.com
flightbundlebusiness.klm.com
flyresponsibly.klm.com
gamification.klm.com
groepen.klm.com
inspirationalhub.klm.com
jcc.klm.com
jijenklm.nl
lasvegas.klm.com
librodereclamaciones.klm.com
livedeals.klm.com
livedeals.klm.nl
livestreammachine.klm.com
lwcdn.klm.com
musicquiz.klm.com
neverdone-origin.klm.com
offers.klm.com
ondernemen.klm.com
onyourmap.klm.com
paapi.klm.com
packagedeals.klm.com
passport-cms.klm.com
passport.klm.com
paymentpa.klm.com
photocompetition.klm.com
play-cms.klm.com
play-origin.klm.com
previews.campaigndesigner2.klm.com
pricealerts.klm.com
privacy.klm.com
promotions.klm.com
promotions2.klm.com
quoidenouveau.flyingblue.com
reasons.klm.com
running.klm.com
san1.klmonline.com
schiphol-service.klm.com
shop.klm.com
social-origin.klmonline.com
socialpayments.klm.com
socialtv.klm.com
surf.klm.com
sustainability.klm.com
take-me-there.klm.com
travelforcities.klm.com
travelforfood.klm.com
travelforsurf-origin.klm.com
wannagives.klm.com
wbc.klm.com
wecare.klm.com
weetenwin-cms.klm.com
weetenwin.klm.com
werelddealwekker.klm.com
whatsnew.flyingblue.com
winwith.klm.com
www.jijenklm.nl

Other certificates including the domain name klmonline.com

(limited to 100 certificates)
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com

Certificate

The complete raw certificate details for san1.klmonline.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILHTCCCgWgAwIBAgISBKPXqXVZtj5hXw7CiBNsolQaMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAxMjIxMzEyMjBaFw0y
MDA0MjExMzEyMjBaMB0xGzAZBgNVBAMTEnNhbjEua2xtb25saW5lLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALscTHQ5XgrFk3h7/+rVG2mU8Oby
EoU6v8xdGEWbO3bar7B4nqWUidskTGGkS9j4NrqwLNs1IuqTpt/CsZw314ZIXHcb
qzEkGNOEtH27NeZ4yHO2OtYnR4NeO4kacHBZBuCe08qe0RUgZyFrHhOyYsbbV4W0
A+8Pa+bCjHo2gCOZvWQFIBdaVBCDdRCLb+851DNwxgyP6WVNSEMG1T28ifiRuFUp
XQjy1XVL9tAhC9CtsSOYcgUCMwwLOAvH0Ee0wHh5QrOyu65pE6omBn4qJ1YfN8/h
q6tT0KhmWLfwyC/bW8sj0FmkgQu8iTS3H5I+OdDHNbLEUW02LP8KOb7iNVECAwEA
AaOCCCgwgggkMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPMkfdEA3Qq7PKyws1rDh
H0MVyPEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH
AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5
cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
cHQub3JnLzCCBdwGA1UdEQSCBdMwggXPghVhbXN0ZXJkYW0tY21zLmtsbS5jb22C
EWFtc3RlcmRhbS5rbG0uY29tgh1hcGkuY2FtcGFpZ25kZXNpZ25lcjIua2xtLmNv
bYITYmFubmVyc3BhY2Uua2xtLmNvbYITYmxvZy1vcmlnaW4ua2xtLmNvbYIMYmxv
Zy5rbG0uY29tgg1icmFuZC5rbG0uY29tghFidW1ibGViZWUua2xtLmNvbYIYY2Ft
cGFpZ25kZXNpZ25lci5rbG0uY29tghljYW1wYWlnbmRlc2lnbmVyMi5rbG0uY29t
ghhjYW1wYWlnbnMtb3JpZ2luLmtsbS5jb22CHGNyZXdub3RpZnlhcHAtb3JpZ2lu
LmtsbS5jb22CEmV4cGVyaWVuY2Uua2xtLmNvbYIQZmFyZWZlZWQua2xtLmNvbYIR
ZmlnaHRibHVlLmtsbS5jb22CHGZsaWdodGJ1bmRsZWJ1c2luZXNzLmtsbS5jb22C
FmZseXJlc3BvbnNpYmx5LmtsbS5jb22CFGdhbWlmaWNhdGlvbi5rbG0uY29tgg9n
cm9lcGVuLmtsbS5jb22CGGluc3BpcmF0aW9uYWxodWIua2xtLmNvbYILamNjLmts
bS5jb22CC2ppamVua2xtLm5sghBsYXN2ZWdhcy5rbG0uY29tghxsaWJyb2RlcmVj
bGFtYWNpb25lcy5rbG0uY29tghFsaXZlZGVhbHMua2xtLmNvbYIQbGl2ZWRlYWxz
LmtsbS5ubIIZbGl2ZXN0cmVhbW1hY2hpbmUua2xtLmNvbYINbHdjZG4ua2xtLmNv
bYIRbXVzaWNxdWl6LmtsbS5jb22CGG5ldmVyZG9uZS1vcmlnaW4ua2xtLmNvbYIO
b2ZmZXJzLmtsbS5jb22CEm9uZGVybmVtZW4ua2xtLmNvbYIRb255b3VybWFwLmts
bS5jb22CDXBhYXBpLmtsbS5jb22CFHBhY2thZ2VkZWFscy5rbG0uY29tghRwYXNz
cG9ydC1jbXMua2xtLmNvbYIQcGFzc3BvcnQua2xtLmNvbYIRcGF5bWVudHBhLmts
bS5jb22CGHBob3RvY29tcGV0aXRpb24ua2xtLmNvbYIQcGxheS1jbXMua2xtLmNv
bYITcGxheS1vcmlnaW4ua2xtLmNvbYIicHJldmlld3MuY2FtcGFpZ25kZXNpZ25l
cjIua2xtLmNvbYITcHJpY2VhbGVydHMua2xtLmNvbYIPcHJpdmFjeS5rbG0uY29t
ghJwcm9tb3Rpb25zLmtsbS5jb22CE3Byb21vdGlvbnMyLmtsbS5jb22CHHF1b2lk
ZW5vdXZlYXUuZmx5aW5nYmx1ZS5jb22CD3JlYXNvbnMua2xtLmNvbYIPcnVubmlu
Zy5rbG0uY29tghJzYW4xLmtsbW9ubGluZS5jb22CGHNjaGlwaG9sLXNlcnZpY2Uu
a2xtLmNvbYIMc2hvcC5rbG0uY29tghtzb2NpYWwtb3JpZ2luLmtsbW9ubGluZS5j
b22CFnNvY2lhbHBheW1lbnRzLmtsbS5jb22CEHNvY2lhbHR2LmtsbS5jb22CDHN1
cmYua2xtLmNvbYIWc3VzdGFpbmFiaWxpdHkua2xtLmNvbYIVdGFrZS1tZS10aGVy
ZS5rbG0uY29tghd0cmF2ZWxmb3JjaXRpZXMua2xtLmNvbYIVdHJhdmVsZm9yZm9v
ZC5rbG0uY29tghx0cmF2ZWxmb3JzdXJmLW9yaWdpbi5rbG0uY29tghJ3YW5uYWdp
dmVzLmtsbS5jb22CC3diYy5rbG0uY29tgg53ZWNhcmUua2xtLmNvbYIVd2VldGVu
d2luLWNtcy5rbG0uY29tghF3ZWV0ZW53aW4ua2xtLmNvbYIYd2VyZWxkZGVhbHdl
a2tlci5rbG0uY29tghd3aGF0c25ldy5mbHlpbmdibHVlLmNvbYIPd2lud2l0aC5r
bG0uY29tgg93d3cuamlqZW5rbG0ubmwwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYL
KwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlw
dC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQDwlaRZ8gDRgkAQLS+TiI6t
S/4dR+OZ4dA0prCoqo6ycwAAAW/NmM3IAAAEAwBGMEQCIA5rGT9UfwsEXftW64Zd
hIdAPvnxsxGLmnG1tMoErkuqAiBIlsodLivERH3kOHTyAqfQTqXNqI3X417tc5ys
XIB77wB3AAe3XBvlfWj/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABb82YzfwA
AAQDAEgwRgIhALgGuTFmtbFcHMth2DsUUoz0WLTI9XnNgMN9OhvkjjAFAiEAlncx
Vp68O3++VYL4T7av21+3TW7Lsy+Si/xc/VluEfEwDQYJKoZIhvcNAQELBQADggEB
AEd21DtG3IJkysVWgk6RknJhja9gR4cDpjtNHLjcEyaaUXD3SlgMS1JSImiWyV20
9rqWrhoAN/GTPKBeglVvLpwDXCRNGwgNnpbDa2nxOhkhcvibsxCCJq66Dljb2XVY
QzdohWQdO4Oy1BvTmD63D9hyZ3R3Wjtb6TxX011ZVgsBX3mxAbqvIMQ4Y6QoP5QB
+VOM0/EwWOwdZJZEDWbulNmvD34fttB7qj8n6nDw2R0lYJfvy+wzP14Jph8FBMC5
ptc7d6M0b950gAjIlIRBMGi5kBtdJOmJPDJlPUZv80Rp5Bl76qju1OLq6wOHqheN
D8YqRlQ6oCVd7/N1vClVDV8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxxMdDleCsWTeHv/6tUb
aZTw5vIShTq/zF0YRZs7dtqvsHiepZSJ2yRMYaRL2Pg2urAs2zUi6pOm38KxnDfX
hkhcdxurMSQY04S0fbs15njIc7Y61idHg147iRpwcFkG4J7Typ7RFSBnIWseE7Ji
xttXhbQD7w9r5sKMejaAI5m9ZAUgF1pUEIN1EItv7znUM3DGDI/pZU1IQwbVPbyJ
+JG4VSldCPLVdUv20CEL0K2xI5hyBQIzDAs4C8fQR7TAeHlCs7K7rmkTqiYGfion
Vh83z+Grq1PQqGZYt/DIL9tbyyPQWaSBC7yJNLcfkj450Mc1ssRRbTYs/wo5vuI1
UQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 404201833432566437205595518837956347581466
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-22 13:12:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-21 13:12:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'san1.klmonline.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23620517612292634676070428618058863575729841764362392378162794849894873847495732710760218919824377455820925405442671512002582510879860238391944221617227388037269844197126922792330202696952347645080526148335953588516419477659965933007573790496688672404135917544506181963984441431401143613521610911527734274988454953541706068788645864581713244230651875761912572497256470556562401039147979390047439050958340678569669551420665371135637869253109886257645076836516891945520424110982869392750498462904319524436903681818626109261349767491009582988878719580825509280591662541836158780778156221043178480398761778999500472464721
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3cc91f74403742aecf2b2c2cd6b0e11f4315c8f1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1491 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam-cms.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.campaigndesigner2.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bannerspace.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brand.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bumblebee.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner2.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigns-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crewnotifyapp-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'experience.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'farefeed.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fightblue.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flightbundlebusiness.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flyresponsibly.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gamification.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groepen.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'inspirationalhub.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jcc.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jijenklm.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lasvegas.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'librodereclamaciones.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livestreammachine.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lwcdn.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musicquiz.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'neverdone-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'offers.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ondernemen.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onyourmap.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paapi.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'packagedeals.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport-cms.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paymentpa.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'photocompetition.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-cms.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'previews.campaigndesigner2.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pricealerts.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'privacy.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promotions.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promotions2.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'quoidenouveau.flyingblue.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reasons.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'running.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'san1.klmonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'schiphol-service.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shop.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'social-origin.klmonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialpayments.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialtv.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'surf.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sustainability.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'take-me-there.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforcities.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforfood.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforsurf-origin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wannagives.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wbc.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wecare.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin-cms.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'werelddealwekker.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whatsnew.flyingblue.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'winwith.klm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jijenklm.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007500f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb2730000016fcd98cdc8000004030046304402200e6b193f547f0b045dfb56eb865d8487403ef9f1b3118b9a71b5b4ca04ae4baa02204896ca1d2e2bc4447de43874f202a7d04ea5cda88dd7e35eed739cac5c807bef00770007b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c0000016fcd98cdfc0000040300483046022100b806b93166b5b15c1ccb61d83b14528cf458b4c8f579cd80c37d3a1be48e3005022100967731569ebc3b7fbe5582f84fb6afdb5fb74d6ecbb32f928bfc5cfd596e11f1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004776d43b46dc8264cac556824e919272618daf60478703a63b4d1cb8dc13269a5170f74a580c4b5252226896c95db4f6ba96ae1a0037f1933ca05e82556f2e9c035c244d1b080d9e96c36b69f13a192172f89bb3108226aeba0e58dbd9755843376885641d3b83b2d41bd3983eb70fd8726774775a3b5be93c57d35d59560b015f79b101baaf20c43863a4283f9401f9538cd3f13058ec1d6496440d66ee94d9af0f7e1fb6d07baa3f27ea70f0d91d256097efcbec333f5e09a61f0504c0b9a6d73b77a3346fde748008c89484413068b9901b5d24e9893c32653d466ff34469e4197beaa8eed4e2eaeb0387aa178d0fc62a46543aa0255deff375bc29550d5f