san1.klmonline.com
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 04:e6:ea:43:a0:76:92:7c:93:27:bd:cd:42:06:53:3a:91:53 was issued on by Let's Encrypt.
With 67 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=san1.klmonline.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:e6:ea:43:a0:76:92:7c:93:27:bd:cd:42:06:53:3a:91:53Serial Number (int): 427025478608339820504889341037397715620179
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 3c:c9:1f:74:40:37:42:ae:cf:2b:2c:2c:d6:b0:e1:1f:43:15:c8:f1
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 48:09:93:8e:87:78:ac:13:8f:70:3f:8e:11:bf:ac:fd:cd:d8:43:6b
Fingerprint (sha256): d9:89:af:55:fd:f5:ca:9f:ac:43:fb:1b:e5:b3:1c:1a:cb:50:03:e9:9f:17:c5:ef:2f:02:1d:2c:30:ea:c5:3a
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate san1.klmonline.com
67
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for san1.klmonline.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
amsterdam-cms.klm.com
amsterdam.klm.com
bannerspace.klm.com
blog-origin.klm.com
blog.klm.com
brand.klm.com
bumblebee.klm.com
campaigndesigner.klm.com
campaigndesigner2.klm.com
campaigns-origin.klm.com
dream.klm.com
experience.klm.com
farefeed.klm.com
fightblue.klm.com
flightbundlebusiness.klm.com
flyresponsibly.klm.com
gamification.klm.com
groepen.klm.com
inspirationalhub.klm.com
jcc.klm.com
jijenklm.nl
lasvegas.klm.com
librodereclamaciones.klm.com
livedeals.klm.com
livedeals.klm.nl
livestreammachine.klm.com
lwcdn.klm.com
musicquiz.klm.com
neverdone-origin.klm.com
offers.klm.com
ondernemen.klm.com
onyourmap.klm.com
paapi.klm.com
packagedeals.klm.com
passport-cms.klm.com
passport.klm.com
paymentpa.klm.com
photocompetition.klm.com
play-cms.klm.com
play-origin.klm.com
pricealerts.klm.com
privacy.klm.com
promotions.klm.com
quoidenouveau.flyingblue.com
reasons.klm.com
running.klm.com
san1.klmonline.com
schiphol-service.klm.com
shop.klm.com
social-origin.klmonline.com
socialpayments.klm.com
socialtv.klm.com
surf.klm.com
sustainability.klm.com
take-me-there.klm.com
travelforcities.klm.com
travelforfood.klm.com
travelforsurf-origin.klm.com
wannagives.klm.com
wbc.klm.com
wecare.klm.com
weetenwin-cms.klm.com
weetenwin.klm.com
werelddealwekker.klm.com
whatsnew.flyingblue.com
winwith.klm.com
www.jijenklm.nl
amsterdam.klm.com
bannerspace.klm.com
blog-origin.klm.com
blog.klm.com
brand.klm.com
bumblebee.klm.com
campaigndesigner.klm.com
campaigndesigner2.klm.com
campaigns-origin.klm.com
dream.klm.com
experience.klm.com
farefeed.klm.com
fightblue.klm.com
flightbundlebusiness.klm.com
flyresponsibly.klm.com
gamification.klm.com
groepen.klm.com
inspirationalhub.klm.com
jcc.klm.com
jijenklm.nl
lasvegas.klm.com
librodereclamaciones.klm.com
livedeals.klm.com
livedeals.klm.nl
livestreammachine.klm.com
lwcdn.klm.com
musicquiz.klm.com
neverdone-origin.klm.com
offers.klm.com
ondernemen.klm.com
onyourmap.klm.com
paapi.klm.com
packagedeals.klm.com
passport-cms.klm.com
passport.klm.com
paymentpa.klm.com
photocompetition.klm.com
play-cms.klm.com
play-origin.klm.com
pricealerts.klm.com
privacy.klm.com
promotions.klm.com
quoidenouveau.flyingblue.com
reasons.klm.com
running.klm.com
san1.klmonline.com
schiphol-service.klm.com
shop.klm.com
social-origin.klmonline.com
socialpayments.klm.com
socialtv.klm.com
surf.klm.com
sustainability.klm.com
take-me-there.klm.com
travelforcities.klm.com
travelforfood.klm.com
travelforsurf-origin.klm.com
wannagives.klm.com
wbc.klm.com
wecare.klm.com
weetenwin-cms.klm.com
weetenwin.klm.com
werelddealwekker.klm.com
whatsnew.flyingblue.com
winwith.klm.com
www.jijenklm.nl
Other certificates including the domain name klmonline.com
(limited to 100 certificates)
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
cmt.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
san1.klmonline.com
Certificate
The complete raw certificate details for san1.klmonline.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIKuDCCCaCgAwIBAgISBObqQ6B2knyTJ73NQgZTOpFTMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMDQwODQ1NDFaFw0y MDAzMDMwODQ1NDFaMB0xGzAZBgNVBAMTEnNhbjEua2xtb25saW5lLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALscTHQ5XgrFk3h7/+rVG2mU8Oby EoU6v8xdGEWbO3bar7B4nqWUidskTGGkS9j4NrqwLNs1IuqTpt/CsZw314ZIXHcb qzEkGNOEtH27NeZ4yHO2OtYnR4NeO4kacHBZBuCe08qe0RUgZyFrHhOyYsbbV4W0 A+8Pa+bCjHo2gCOZvWQFIBdaVBCDdRCLb+851DNwxgyP6WVNSEMG1T28ifiRuFUp XQjy1XVL9tAhC9CtsSOYcgUCMwwLOAvH0Ee0wHh5QrOyu65pE6omBn4qJ1YfN8/h q6tT0KhmWLfwyC/bW8sj0FmkgQu8iTS3H5I+OdDHNbLEUW02LP8KOb7iNVECAwEA AaOCB8Mwgge/MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPMkfdEA3Qq7PKyws1rDh H0MVyPEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5 cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5 cHQub3JnLzCCBXUGA1UdEQSCBWwwggVoghVhbXN0ZXJkYW0tY21zLmtsbS5jb22C EWFtc3RlcmRhbS5rbG0uY29tghNiYW5uZXJzcGFjZS5rbG0uY29tghNibG9nLW9y aWdpbi5rbG0uY29tggxibG9nLmtsbS5jb22CDWJyYW5kLmtsbS5jb22CEWJ1bWJs ZWJlZS5rbG0uY29tghhjYW1wYWlnbmRlc2lnbmVyLmtsbS5jb22CGWNhbXBhaWdu ZGVzaWduZXIyLmtsbS5jb22CGGNhbXBhaWducy1vcmlnaW4ua2xtLmNvbYINZHJl YW0ua2xtLmNvbYISZXhwZXJpZW5jZS5rbG0uY29tghBmYXJlZmVlZC5rbG0uY29t ghFmaWdodGJsdWUua2xtLmNvbYIcZmxpZ2h0YnVuZGxlYnVzaW5lc3Mua2xtLmNv bYIWZmx5cmVzcG9uc2libHkua2xtLmNvbYIUZ2FtaWZpY2F0aW9uLmtsbS5jb22C D2dyb2VwZW4ua2xtLmNvbYIYaW5zcGlyYXRpb25hbGh1Yi5rbG0uY29tggtqY2Mu a2xtLmNvbYILamlqZW5rbG0ubmyCEGxhc3ZlZ2FzLmtsbS5jb22CHGxpYnJvZGVy ZWNsYW1hY2lvbmVzLmtsbS5jb22CEWxpdmVkZWFscy5rbG0uY29tghBsaXZlZGVh bHMua2xtLm5sghlsaXZlc3RyZWFtbWFjaGluZS5rbG0uY29tgg1sd2Nkbi5rbG0u Y29tghFtdXNpY3F1aXoua2xtLmNvbYIYbmV2ZXJkb25lLW9yaWdpbi5rbG0uY29t gg5vZmZlcnMua2xtLmNvbYISb25kZXJuZW1lbi5rbG0uY29tghFvbnlvdXJtYXAu a2xtLmNvbYINcGFhcGkua2xtLmNvbYIUcGFja2FnZWRlYWxzLmtsbS5jb22CFHBh c3Nwb3J0LWNtcy5rbG0uY29tghBwYXNzcG9ydC5rbG0uY29tghFwYXltZW50cGEu a2xtLmNvbYIYcGhvdG9jb21wZXRpdGlvbi5rbG0uY29tghBwbGF5LWNtcy5rbG0u Y29tghNwbGF5LW9yaWdpbi5rbG0uY29tghNwcmljZWFsZXJ0cy5rbG0uY29tgg9w cml2YWN5LmtsbS5jb22CEnByb21vdGlvbnMua2xtLmNvbYIccXVvaWRlbm91dmVh dS5mbHlpbmdibHVlLmNvbYIPcmVhc29ucy5rbG0uY29tgg9ydW5uaW5nLmtsbS5j b22CEnNhbjEua2xtb25saW5lLmNvbYIYc2NoaXBob2wtc2VydmljZS5rbG0uY29t ggxzaG9wLmtsbS5jb22CG3NvY2lhbC1vcmlnaW4ua2xtb25saW5lLmNvbYIWc29j aWFscGF5bWVudHMua2xtLmNvbYIQc29jaWFsdHYua2xtLmNvbYIMc3VyZi5rbG0u Y29tghZzdXN0YWluYWJpbGl0eS5rbG0uY29tghV0YWtlLW1lLXRoZXJlLmtsbS5j b22CF3RyYXZlbGZvcmNpdGllcy5rbG0uY29tghV0cmF2ZWxmb3Jmb29kLmtsbS5j b22CHHRyYXZlbGZvcnN1cmYtb3JpZ2luLmtsbS5jb22CEndhbm5hZ2l2ZXMua2xt LmNvbYILd2JjLmtsbS5jb22CDndlY2FyZS5rbG0uY29tghV3ZWV0ZW53aW4tY21z LmtsbS5jb22CEXdlZXRlbndpbi5rbG0uY29tghh3ZXJlbGRkZWFsd2Vra2VyLmts bS5jb22CF3doYXRzbmV3LmZseWluZ2JsdWUuY29tgg93aW53aXRoLmtsbS5jb22C D3d3dy5qaWplbmtsbS5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC AQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3ALIeBcyLos2KIE6HZvkruYolIGdr2vpw 57JJUy3vi5BeAAABbtBNDkQAAAQDAEgwRgIhALKZbVzlktCy352XnV2Ds6d0rhgp nioX5AolYqSRkz18AiEApcTxthuj4Q1/VT7ls4QHbgG/3qVcMCzzV4jQqnZ5LHYA dwBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW7QTQ65AAAEAwBI MEYCIQC5VUQU9nH4fbGGmK46PwxdL0XvDlnVS65aKFan6PO4twIhAJvlztdkUchi Q+nzkje7hHcPt1I3bmHxiOrPn5aI4IuLMA0GCSqGSIb3DQEBCwUAA4IBAQAhJeti qo34318XG2ONS7jkcY+KfL+UO8jV+fLNXUGFZYuiodYORWD+3eTJFmF0b8r0nKj7 l5Yhcxa0/j6/khpTCB8Vi7UkAjDG6fsDCZXjY1wWP3vqXVoKoQ8ByoJ4e4frEReE krUnEnhCh/lZtGayzaEG5Ok+SsZzC1mJ1sZFhK4I4yJeHpjAdvId03UPmtH4Pbgp Et57Ia22Deo7Rd7vHe6r0LbaMqGyCS0YY4E3ZW4worz0NOwDti+orYrNPoTyxMQr wlnK2kERD2m5TqpJfYgOBEPhjst9/ydbAIOsRJY4J/KKl12bqGveo4yPmjPzMjlY tnZ5tXUyB8qyemXb -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxxMdDleCsWTeHv/6tUb aZTw5vIShTq/zF0YRZs7dtqvsHiepZSJ2yRMYaRL2Pg2urAs2zUi6pOm38KxnDfX hkhcdxurMSQY04S0fbs15njIc7Y61idHg147iRpwcFkG4J7Typ7RFSBnIWseE7Ji xttXhbQD7w9r5sKMejaAI5m9ZAUgF1pUEIN1EItv7znUM3DGDI/pZU1IQwbVPbyJ +JG4VSldCPLVdUv20CEL0K2xI5hyBQIzDAs4C8fQR7TAeHlCs7K7rmkTqiYGfion Vh83z+Grq1PQqGZYt/DIL9tbyyPQWaSBC7yJNLcfkj450Mc1ssRRbTYs/wo5vuI1 UQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 427025478608339820504889341037397715620179 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-04 08:45:41 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-03 08:45:41 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'san1.klmonline.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23620517612292634676070428618058863575729841764362392378162794849894873847495732710760218919824377455820925405442671512002582510879860238391944221617227388037269844197126922792330202696952347645080526148335953588516419477659965933007573790496688672404135917544506181963984441431401143613521610911527734274988454953541706068788645864581713244230651875761912572497256470556562401039147979390047439050958340678569669551420665371135637869253109886257645076836516891945520424110982869392750498462904319524436903681818626109261349767491009582988878719580825509280591662541836158780778156221043178480398761778999500472464721 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3cc91f74403742aecf2b2c2cd6b0e11f4315c8f1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1388 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'amsterdam.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bannerspace.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brand.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bumblebee.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigndesigner2.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaigns-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dream.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'experience.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'farefeed.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fightblue.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flightbundlebusiness.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flyresponsibly.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gamification.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groepen.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'inspirationalhub.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jcc.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jijenklm.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lasvegas.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'librodereclamaciones.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livedeals.klm.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livestreammachine.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lwcdn.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musicquiz.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'neverdone-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'offers.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ondernemen.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onyourmap.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paapi.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'packagedeals.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'passport.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paymentpa.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'photocompetition.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pricealerts.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'privacy.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promotions.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'quoidenouveau.flyingblue.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reasons.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'running.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'san1.klmonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'schiphol-service.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shop.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'social-origin.klmonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialpayments.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'socialtv.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'surf.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sustainability.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'take-me-there.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforcities.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforfood.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'travelforsurf-origin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wannagives.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wbc.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wecare.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin-cms.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weetenwin.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'werelddealwekker.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whatsnew.flyingblue.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'winwith.klm.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jijenklm.nl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) 00f2007700b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e0000016ed04d0e440000040300483046022100b2996d5ce592d0b2df9d979d5d83b3a774ae18299e2a17e40a2562a491933d7c022100a5c4f1b61ba3e10d7f553ee5b384076e01bfdea55c302cf35788d0aa76792c760077006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016ed04d0eb90000040300483046022100b9554414f671f87db18698ae3a3f0c5d2f45ef0e59d54bae5a2856a7e8f3b8b70221009be5ced76451c86243e9f39237bb84770fb752376e61f188eacf9f9688e08b8b . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 002125eb62aa8df8df5f171b638d4bb8e4718f8a7cbf943bc8d5f9f2cd5d4185658ba2a1d60e4560fedde4c91661746fcaf49ca8fb9796217316b4fe3ebf921a53081f158bb5240230c6e9fb030995e3635c163f7bea5d5a0aa10f01ca82787b87eb11178492b52712784287f959b466b2cda106e4e93e4ac6730b5989d6c64584ae08e3225e1e98c076f21dd3750f9ad1f83db82912de7b21adb60dea3b45deef1deeabd0b6da32a1b2092d18638137656e30a2bcf434ec03b62fa8ad8acd3e84f2c4c42bc259cada41110f69b94eaa497d880e0443e18ecb7dff275b0083ac44963827f28a975d9ba86bdea38c8f9a33f3323958b67679b5753207cab27a65db