*.e.ssl.fastly.net

- Fastly, Inc. -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 6e:91:32:4f:76:55:1d:dd:23:f7:79:57 was issued on by GlobalSign nv-sa.

With 59 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Fastly, Inc.

Organization: Fastly, Inc.
State / Province: California
Locality: San Francisco
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 6e:91:32:4f:76:55:1d:dd:23:f7:79:57
Serial Number (int): 34218882908335758400497875287
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: ec:2e:de:fc:ef:fa:86:46:f6:d1:cb:a9:a0:5b:46:6b:b1:89:9f:4f
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): ba:89:2c:d1:43:f0:b5:9d:86:ea:ae:34:3f:b8:2e:95:65:f0:da:93
Fingerprint (sha256): 59:05:64:2d:77:ce:5e:ec:a4:0c:3b:32:36:6a:9f:af:c0:a3:78:2f:9c:88:c0:61:00:49:6e:63:49:30:19:cb

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate *.e.ssl.fastly.net

59

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.e.ssl.fastly.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.e.ssl.fastly.net
*.bigcartel.biz
*.bigcartel.com
*.blendle.com
*.esetstatic.com
*.eyeem.com
*.fastly-plugins.com
*.ft.com
*.fubo.tv
*.highfive.com
*.livenation.com
*.lostmy.name
*.nexus.bazaarvoice.com
*.nrml.com
*.ookla.com
*.palantir.com
*.perftest-mini.hoteltonight-test.com
*.speedtest.net
*.ticketcity.com
blendle.com
bostonherald.com
btownmenus.com
c.tadst.com
cdn.bronto.com
cdn.paybygroup.com
dashboard.yesgraph.com
downloads.haskell.org
eyeem.com
fastly.kastatic.org
freesecure.timeanddate.com
ft.com
fubo.tv
hackage.haskell.org
highfive.com
hungrybuffs.com
media.guim.co.uk
milehighmenus.com
nrml.com
palantir.com
pao-pao.net
plugins.fastly.com
reso.io
secure.img1.josscdn.com
secure.img1.wfrcdn.com
secure.img2.josscdn.com
secure.img2.wfrcdn.com
speculateup.com
speedtest.net
ticketcity.com
unicef.se
www.bostonherald.com
www.celebsgonegood.com
www.haskell.org
www.puresolo.com
www.reso.io
www.roh.org.uk
www.themarshallproject.org
www.timeanddate.com
e.ssl.fastly.net

Other certificates including the domain name fastly.net

(limited to 100 certificates)
f4.shared.global.fastly.net
f6.shared.global.fastly.net
h2.shared.global.fastly.net
y2.shared.global.fastly.net
g3.shared.global.fastly.net
i3.shared.global.fastly.net
e2.shared.global.fastly.net
m2.shared.global.fastly.net
u2.shared.global.fastly.net
i2.shared.global.fastly.net
n2.shared.global.fastly.net
e.ssl.fastly.net
w2.shared.global.fastly.net
*.a.heroku.ssl.fastly.net
o2.shared.global.fastly.net
k3.shared.global.fastly.net
o.ssl.fastly.net
b3.shared.global.fastly.net
*.a.heroku.ssl.fastly.net
o.ssl.fastly.net
v2.shared.global.fastly.net
c3.shared.global.fastly.net
w2.shared.global.fastly.net
customer-test.ssl.fastly.net
prospective.shared.global.fastly.net
j3.shared.global.fastly.net
k2.shared.global.fastly.net
p2.shared.global.fastly.net
a2.ssl.fastly.net
l3.shared.global.fastly.net
o2.shared.global.fastly.net
h2.shared.global.fastly.net
v.ssl.fastly.net
a3.shared.global.fastly.net
customer-test.ssl.fastly.net
w2.shared.global.fastly.net
g3.shared.global.fastly.net
k3.shared.global.fastly.net
t2.shared.global.fastly.net
prospective.shared.global.fastly.net
i3.shared.global.fastly.net
dns-vetting1j.map.fastly.net
t2.shared.global.fastly.net
p2.shared.global.fastly.net
w2.shared.global.fastly.net
n2.shared.global.fastly.net
t2.shared.global.fastly.net
o2.shared.global.fastly.net
v.ssl.fastly.net
e2.shared.global.fastly.net
w2.shared.global.fastly.net
b3.shared.global.fastly.net
t.ssl.fastly.net
f.ssl.fastly.net
l3.shared.global.fastly.net
c3.shared.global.fastly.net
r.ssl.fastly.net
g3.shared.global.fastly.net
n2.shared.global.fastly.net
l3.shared.global.fastly.net
v2.shared.global.fastly.net
d2.shared.global.fastly.net
j3.shared.global.fastly.net
l3.shared.global.fastly.net
g2.shared.global.fastly.net
e2.shared.global.fastly.net
n2.shared.global.fastly.net
e2.shared.global.fastly.net
k2.shared.global.fastly.net
h2.shared.global.fastly.net
t2.shared.global.fastly.net
p.ssl.fastly.net
a2.ssl.fastly.net
j3.shared.global.fastly.net
k.ssl.fastly.net
i2.shared.global.fastly.net
customer-test.ssl.fastly.net
n2.shared.global.fastly.net
prospective2.shared.global.fastly.net
w2.shared.global.fastly.net
h2.shared.global.fastly.net
u2.shared.global.fastly.net
w2.shared.global.fastly.net
d2.shared.global.fastly.net
b3.shared.global.fastly.net
n.ssl.fastly.net
l.ssl.fastly.net
prospective.shared.global.fastly.net
g2.shared.global.fastly.net
v.ssl.fastly.net
d3.shared.global.fastly.net
a3.shared.global.fastly.net
z.ssl.fastly.net
l2.shared.global.fastly.net
e2.shared.global.fastly.net
h3.shared.global.fastly.net
b2.shared.global.fastly.net
v2.shared.global.fastly.net
c3.shared.global.fastly.net
e2.shared.global.fastly.net

Certificate

The complete raw certificate details for *.e.ssl.fastly.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILPDCCCiSgAwIBAgIMbpEyT3ZVHd0j93lXMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcxMTIyMTgwNTA3WhcNMTgwOTAzMjAxNTI5WjBuMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEV
MBMGA1UECgwMRmFzdGx5LCBJbmMuMRswGQYDVQQDDBIqLmUuc3NsLmZhc3RseS5u
ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC96nMdsPCrLQru5Ur+
I6ADe+vELc/a+PZ5DyCx6sMdOUlngB9k5DNtb4sWj/EqHxt62YlMD0tWIk9y8bVP
sgBDX36qHGnMcRgln/k0bT+gx7nS89u0QGqnj/ARouWV1ONWdNFNYBRakTwNX32k
tLSLOeCOs7v1nwCsvYxt6MAkazg8vSDAxBLQpXAFt+zkz91jFPKz7Nd7scOrF/WS
liH+Aege6Vk0u9UWngVQbOA2W37DGY+Z6vF1RpSDhXqPTvt7srVS4SGGhXqVYydP
WrdyQFMPN2rc+xuFepAFB5KsxLzQe+mJKLJWFIHBokt5AoUlE9o92ChFoBe/go6E
3PSXAgMBAAGjggfgMIIH3DAOBgNVHQ8BAf8EBAMCBaAwgaAGCCsGAQUFBwEBBIGT
MIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2Nh
Y2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYz
aHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hh
MmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBz
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNV
HRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5j
b20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIIEHgYDVR0RBIIEFTCC
BBGCEiouZS5zc2wuZmFzdGx5Lm5ldIIPKi5iaWdjYXJ0ZWwuYml6gg8qLmJpZ2Nh
cnRlbC5jb22CDSouYmxlbmRsZS5jb22CECouZXNldHN0YXRpYy5jb22CCyouZXll
ZW0uY29tghQqLmZhc3RseS1wbHVnaW5zLmNvbYIIKi5mdC5jb22CCSouZnViby50
doIOKi5oaWdoZml2ZS5jb22CECoubGl2ZW5hdGlvbi5jb22CDSoubG9zdG15Lm5h
bWWCFyoubmV4dXMuYmF6YWFydm9pY2UuY29tggoqLm5ybWwuY29tggsqLm9va2xh
LmNvbYIOKi5wYWxhbnRpci5jb22CJSoucGVyZnRlc3QtbWluaS5ob3RlbHRvbmln
aHQtdGVzdC5jb22CDyouc3BlZWR0ZXN0Lm5ldIIQKi50aWNrZXRjaXR5LmNvbYIL
YmxlbmRsZS5jb22CEGJvc3RvbmhlcmFsZC5jb22CDmJ0b3dubWVudXMuY29tggtj
LnRhZHN0LmNvbYIOY2RuLmJyb250by5jb22CEmNkbi5wYXlieWdyb3VwLmNvbYIW
ZGFzaGJvYXJkLnllc2dyYXBoLmNvbYIVZG93bmxvYWRzLmhhc2tlbGwub3Jnggll
eWVlbS5jb22CE2Zhc3RseS5rYXN0YXRpYy5vcmeCGmZyZWVzZWN1cmUudGltZWFu
ZGRhdGUuY29tggZmdC5jb22CB2Z1Ym8udHaCE2hhY2thZ2UuaGFza2VsbC5vcmeC
DGhpZ2hmaXZlLmNvbYIPaHVuZ3J5YnVmZnMuY29tghBtZWRpYS5ndWltLmNvLnVr
ghFtaWxlaGlnaG1lbnVzLmNvbYIIbnJtbC5jb22CDHBhbGFudGlyLmNvbYILcGFv
LXBhby5uZXSCEnBsdWdpbnMuZmFzdGx5LmNvbYIHcmVzby5pb4IXc2VjdXJlLmlt
ZzEuam9zc2Nkbi5jb22CFnNlY3VyZS5pbWcxLndmcmNkbi5jb22CF3NlY3VyZS5p
bWcyLmpvc3NjZG4uY29tghZzZWN1cmUuaW1nMi53ZnJjZG4uY29tgg9zcGVjdWxh
dGV1cC5jb22CDXNwZWVkdGVzdC5uZXSCDnRpY2tldGNpdHkuY29tggl1bmljZWYu
c2WCFHd3dy5ib3N0b25oZXJhbGQuY29tghZ3d3cuY2VsZWJzZ29uZWdvb2QuY29t
gg93d3cuaGFza2VsbC5vcmeCEHd3dy5wdXJlc29sby5jb22CC3d3dy5yZXNvLmlv
gg53d3cucm9oLm9yZy51a4Iad3d3LnRoZW1hcnNoYWxscHJvamVjdC5vcmeCE3d3
dy50aW1lYW5kZGF0ZS5jb22CEGUuc3NsLmZhc3RseS5uZXQwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTsLt787/qGRvbRy6mgW0ZrsYmf
TzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDCCAfYGCisGAQQB1nkC
BAIEggHmBIIB4gHgAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswA
AAFf5OersAAABAMARzBFAiAfcdD6Ut5hnz5I0fTEpmNN9UIemZ1E3qvS/8NST2Gr
RAIhANy4sNc3W+0Q3JG2ZriALkljw3vljtyg1p5hS3B028feAHYAVhQGmi/XwuzT
9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFf5Oer3wAABAMARzBFAiEAreRPEe7h
PwbQkDJ4HLi0naE2YOp6vwO0lg3EJeBJDVQCIB62weAmJixnW/X+iajp+l5Suwn6
91zQg22XteGv0xQIAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA
AAFf5OerYAAABAMARzBFAiEAm9pNB0RKr1ABGmnL5oTzl0ec1O3eUghwC86ej5oh
ZqkCIH5NhPu1ANOiWUFzzFsTfgT0BBVOICLTyMI2sN/pj0tGAHYA7ku9t3XOYLrh
Qmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFf5OeubwAABAMARzBFAiEAmXm1jwh/
WnaZUuaLaOGg9Nm3Q/aEgns4aIrkuA4TQdkCIHBW1DcOqcKmko4UcEEZa/zZ0+Bg
KioyjbrjhpYCMOb9MA0GCSqGSIb3DQEBCwUAA4IBAQB1v+iMM71OJ5s/w1V6RECF
jQljDlgkJiQ9UezvGA5KT+Y87Wu6gAdxNdUOmyGwWkXA14xMnj1n5IvoXhS8t3OG
f20Rt1x9PJHRvbmTZZ4JvDUZ9FsmeQBUDERQ7kByI1x0/KNB9qXuPz4NA0nbT22T
GvBWXvMZ7ipnILD9VSc1Oiy/6+Cm/HjeOlWlj0clmpXrucBk3rGwcmSHvN2u89n7
r+WuEn8r9dboXCXdnTBZiJqJDhe6P22lSLlQg7dvtZQJbP63FGSyO8PMO9snrtyq
QrXCqASxW/cWPAMyYf5k12zkbAqnG3ybhviwKhuhuF2z2mfHSt6E8CmTXC+Z+Pmm
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvepzHbDwqy0K7uVK/iOg
A3vrxC3P2vj2eQ8gserDHTlJZ4AfZOQzbW+LFo/xKh8betmJTA9LViJPcvG1T7IA
Q19+qhxpzHEYJZ/5NG0/oMe50vPbtEBqp4/wEaLlldTjVnTRTWAUWpE8DV99pLS0
izngjrO79Z8ArL2MbejAJGs4PL0gwMQS0KVwBbfs5M/dYxTys+zXe7HDqxf1kpYh
/gHoHulZNLvVFp4FUGzgNlt+wxmPmerxdUaUg4V6j077e7K1UuEhhoV6lWMnT1q3
ckBTDzdq3PsbhXqQBQeSrMS80HvpiSiyVhSBwaJLeQKFJRPaPdgoRaAXv4KOhNz0
lwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 34218882908335758400497875287
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-11-22 18:05:07 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-03 20:15:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'San Francisco'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Fastly, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.e.ssl.fastly.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23974651080647772280841915528180761275998362364860197498226692756522753359645640110412056103593321608200491147493783593777387178705562426967784452435982583845759063774932878883534510062408333671283064765786897593791930109299025933670673184210546751511916240339815490173901401571409544131542243998406970819023621604565926819463802617458635519195955373472917893250854560037516992271906891538871614571739244097610379578991064735710528152430969011155441192048437553655112672387484702197876987709765141466092220869074861426240104381362949337210156578469330942707165211772220294110612755708856730925205984942667554803741847
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1045 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.e.ssl.fastly.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bigcartel.biz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bigcartel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.blendle.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.esetstatic.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.eyeem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.fastly-plugins.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.fubo.tv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.highfive.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.livenation.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.lostmy.name'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nexus.bazaarvoice.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nrml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ookla.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.perftest-mini.hoteltonight-test.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.speedtest.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ticketcity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blendle.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bostonherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'btownmenus.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'c.tadst.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.bronto.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.paybygroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dashboard.yesgraph.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'downloads.haskell.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eyeem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fastly.kastatic.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'freesecure.timeanddate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fubo.tv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hackage.haskell.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'highfive.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hungrybuffs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.guim.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'milehighmenus.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nrml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pao-pao.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'plugins.fastly.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reso.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.img1.josscdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.img1.wfrcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.img2.josscdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.img2.wfrcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'speculateup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'speedtest.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ticketcity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'unicef.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bostonherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.celebsgonegood.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.haskell.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.puresolo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.reso.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roh.org.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.themarshallproject.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.timeanddate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'e.ssl.fastly.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ec2edefceffa8646f6d1cba9a05b466bb1899f4f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e0007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015fe4e7abb0000004030047304502201f71d0fa52de619f3e48d1f4c4a6634df5421e999d44deabd2ffc3524f61ab44022100dcb8b0d7375bed10dc91b666b8802e4963c37be58edca0d69e614b7074dbc7de0076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000015fe4e7abdf0000040300473045022100ade44f11eee13f06d09032781cb8b49da13660ea7abf03b4960dc425e0490d5402201eb6c1e026262c675bf5fe89a8e9fa5e52bb09faf75cd0836d97b5e1afd31408007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015fe4e7ab6000000403004730450221009bda4d07444aaf50011a69cbe684f397479cd4edde5208700bce9e8f9a2166a902207e4d84fbb500d3a2594173cc5b137e04f404154e2022d3c8c236b0dfe98f4b46007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015fe4e7ae6f00000403004730450221009979b58f087f5a769952e68b68e1a0f4d9b743f684827b38688ae4b80e1341d902207056d4370ea9c2a6928e147041196bfcd9d3e0602a2a328dbae386960230e6fd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0075bfe88c33bd4e279b3fc3557a4440858d09630e582426243d51ecef180e4a4fe63ced6bba80077135d50e9b21b05a45c0d78c4c9e3d67e48be85e14bcb773867f6d11b75c7d3c91d1bdb993659e09bc3519f45b267900540c4450ee4072235c74fca341f6a5ee3f3e0d0349db4f6d931af0565ef319ee2a6720b0fd5527353a2cbfebe0a6fc78de3a55a58f47259a95ebb9c064deb1b0726487bcddaef3d9fbafe5ae127f2bf5d6e85c25dd9d3059889a890e17ba3f6da548b95083b76fb594096cfeb71464b23bc3cc3bdb27aedcaa42b5c2a804b15bf7163c033261fe64d76ce46c0aa71b7c9b86f8b02a1ba1b85db3da67c74ade84f029935c2f99f8f9a6