dfm2.map.fastly.net

- Fastly, Inc. -

Issued by GlobalSign CloudSSL CA - SHA256 - G3

About this certificate

This digital certificate with serial number 49:29:e8:cf:93:be:a5:52:56:3e:a4:71 was issued on by GlobalSign nv-sa.

With 61 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Fastly, Inc.

Organization: Fastly, Inc.
State / Province: California
Locality: San Francisco
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 49:29:e8:cf:93:be:a5:52:56:3e:a4:71
Serial Number (int): 22643071093708567170842010737
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: d2:72:96:54:0a:51:2b:9b:5f:8e:c4:59:a1:94:3d:43:c2:59:bd:2c
AuthorityKeyId: a9:2b:87:e1:ce:24:47:3b:1b:bf:cf:85:37:02:55:9d:0d:94:58:e6

Fingerprint (sha1): 3c:97:a3:df:ac:8c:90:99:00:e2:f5:49:e9:8b:38:32:4e:07:7d:54
Fingerprint (sha256): e3:55:21:6c:8a:b3:3a:02:f3:78:df:82:b0:d2:3f:46:62:f8:ce:ca:0d:23:c2:28:f1:9d:a7:a5:10:0f:fa:19

Issuing Certificate URL: http://secure.globalsign.com/cacert/cloudsslsha2g3.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/cloudsslsha2g3

Check the revocation status for certificate dfm2.map.fastly.net

61

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dfm2.map.fastly.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dfm2.map.fastly.net
blogs.denverpost.com
blogs.mercurynews.com
crime.denverpost.com
elections.denverpost.com
extras.denverpost.com
mngli.bostonherald.com
mngli.chicoer.com
mngli.dailybreeze.com
mngli.dailybulletin.com
mngli.dailycamera.com
mngli.dailydemocrat.com
mngli.dailyfreeman.com
mngli.dailylocal.com
mngli.dailynews.com
mngli.dailytribune.com
mngli.delcotimes.com
mngli.denverpost.com
mngli.eastbaytimes.com
mngli.lowellsun.com
mngli.macombdaily.com
mngli.marinij.com
mngli.mercurynews.com
mngli.montereyherald.com
mngli.morningjournal.com
mngli.news-herald.com
mngli.ocregister.com
mngli.oneidadispatch.com
mngli.orovillemr.com
mngli.pasadenastarnews.com
mngli.pe.com
mngli.pottsmerc.com
mngli.presstelegram.com
mngli.readingeagle.com
mngli.record-bee.com
mngli.redbluffdailynews.com
mngli.redlandsdailyfacts.com
mngli.reporterherald.com
mngli.santacruzsentinel.com
mngli.saratogian.com
mngli.sbsun.com
mngli.sentinelandenterprise.com
mngli.sgvtribune.com
mngli.themorningsun.com
mngli.theoaklandpress.com
mngli.thereporter.com
mngli.thereporteronline.com
mngli.times-standard.com
mngli.timescall.com
mngli.timesherald.com
mngli.timesheraldonline.com
mngli.trentonian.com
mngli.troyrecord.com
mngli.twincities.com
mngli.ukiahdailyjournal.com
mngli.whittierdailynews.com
mobile-dashboard.digitalfirstmedia.com
theknow.denverpost.com
www.bayareanewsgroup.com
www.thecannabist.co
yourhub.denverpost.com

Other certificates including the domain name dfm2.map.fastly.net

(limited to 100 certificates)
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net
dfm2.map.fastly.net

Certificate

The complete raw certificate details for dfm2.map.fastly.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKlTCCCX2gAwIBAgIMSSnoz5O+pVJWPqRxMA0GCSqGSIb3DQEBCwUAMFcxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS0wKwYDVQQDEyRH
bG9iYWxTaWduIENsb3VkU1NMIENBIC0gU0hBMjU2IC0gRzMwHhcNMjEwMTEzMTcw
MDE1WhcNMjEwNDIwMTg0NjQ1WjBvMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs
aWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEVMBMGA1UECgwMRmFzdGx5
LCBJbmMuMRwwGgYDVQQDDBNkZm0yLm1hcC5mYXN0bHkubmV0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoseGOsA+AO3okCkOVKK3B7FEtARSUlNZmETo
cf+H9tfqwtMet7n+mdnoiXMPSDXzLCxdvwsCGqwyqwvKNxDOzJcuii5HJTU7MY7C
Xc7Jm6Nd+OSgQg7sU78JrEime3YTFkQnTMj4Ou0FLY1kYI/3RUri+hfUkwLSBZuw
J9320ymoQYRYbvydzb/MROUT7gsOG7cuAq3goqIkPYukLQeRI0fmc0K9tR0Nwu+b
oAuUuXH8Wu5S+n9w0nPOTDL0wOOvo7d36hSixt24x/NpOdqoVrULdsG6N7474Smg
lY6zeoAgnGrPsWVCYoG3/5gu9BE3pHVfdF+M0bYFX1Hm1k1yTQIDAQABo4IHRzCC
B0MwDgYDVR0PAQH/BAQDAgWgMIGKBggrBgEFBQcBAQR+MHwwQgYIKwYBBQUHMAKG
Nmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2Nsb3Vkc3Nsc2hh
MmczLmNydDA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29t
L2Nsb3Vkc3Nsc2hhMmczMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYB
BQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgG
BmeBDAECAjAJBgNVHRMEAjAAMIIFywYDVR0RBIIFwjCCBb6CE2RmbTIubWFwLmZh
c3RseS5uZXSCFGJsb2dzLmRlbnZlcnBvc3QuY29tghVibG9ncy5tZXJjdXJ5bmV3
cy5jb22CFGNyaW1lLmRlbnZlcnBvc3QuY29tghhlbGVjdGlvbnMuZGVudmVycG9z
dC5jb22CFWV4dHJhcy5kZW52ZXJwb3N0LmNvbYIWbW5nbGkuYm9zdG9uaGVyYWxk
LmNvbYIRbW5nbGkuY2hpY29lci5jb22CFW1uZ2xpLmRhaWx5YnJlZXplLmNvbYIX
bW5nbGkuZGFpbHlidWxsZXRpbi5jb22CFW1uZ2xpLmRhaWx5Y2FtZXJhLmNvbYIX
bW5nbGkuZGFpbHlkZW1vY3JhdC5jb22CFm1uZ2xpLmRhaWx5ZnJlZW1hbi5jb22C
FG1uZ2xpLmRhaWx5bG9jYWwuY29tghNtbmdsaS5kYWlseW5ld3MuY29tghZtbmds
aS5kYWlseXRyaWJ1bmUuY29tghRtbmdsaS5kZWxjb3RpbWVzLmNvbYIUbW5nbGku
ZGVudmVycG9zdC5jb22CFm1uZ2xpLmVhc3RiYXl0aW1lcy5jb22CE21uZ2xpLmxv
d2VsbHN1bi5jb22CFW1uZ2xpLm1hY29tYmRhaWx5LmNvbYIRbW5nbGkubWFyaW5p
ai5jb22CFW1uZ2xpLm1lcmN1cnluZXdzLmNvbYIYbW5nbGkubW9udGVyZXloZXJh
bGQuY29tghhtbmdsaS5tb3JuaW5nam91cm5hbC5jb22CFW1uZ2xpLm5ld3MtaGVy
YWxkLmNvbYIUbW5nbGkub2NyZWdpc3Rlci5jb22CGG1uZ2xpLm9uZWlkYWRpc3Bh
dGNoLmNvbYIUbW5nbGkub3JvdmlsbGVtci5jb22CGm1uZ2xpLnBhc2FkZW5hc3Rh
cm5ld3MuY29tggxtbmdsaS5wZS5jb22CE21uZ2xpLnBvdHRzbWVyYy5jb22CF21u
Z2xpLnByZXNzdGVsZWdyYW0uY29tghZtbmdsaS5yZWFkaW5nZWFnbGUuY29tghRt
bmdsaS5yZWNvcmQtYmVlLmNvbYIbbW5nbGkucmVkYmx1ZmZkYWlseW5ld3MuY29t
ghxtbmdsaS5yZWRsYW5kc2RhaWx5ZmFjdHMuY29tghhtbmdsaS5yZXBvcnRlcmhl
cmFsZC5jb22CG21uZ2xpLnNhbnRhY3J1enNlbnRpbmVsLmNvbYIUbW5nbGkuc2Fy
YXRvZ2lhbi5jb22CD21uZ2xpLnNic3VuLmNvbYIfbW5nbGkuc2VudGluZWxhbmRl
bnRlcnByaXNlLmNvbYIUbW5nbGkuc2d2dHJpYnVuZS5jb22CF21uZ2xpLnRoZW1v
cm5pbmdzdW4uY29tghltbmdsaS50aGVvYWtsYW5kcHJlc3MuY29tghVtbmdsaS50
aGVyZXBvcnRlci5jb22CG21uZ2xpLnRoZXJlcG9ydGVyb25saW5lLmNvbYIYbW5n
bGkudGltZXMtc3RhbmRhcmQuY29tghNtbmdsaS50aW1lc2NhbGwuY29tghVtbmds
aS50aW1lc2hlcmFsZC5jb22CG21uZ2xpLnRpbWVzaGVyYWxkb25saW5lLmNvbYIU
bW5nbGkudHJlbnRvbmlhbi5jb22CFG1uZ2xpLnRyb3lyZWNvcmQuY29tghRtbmds
aS50d2luY2l0aWVzLmNvbYIbbW5nbGkudWtpYWhkYWlseWpvdXJuYWwuY29tghtt
bmdsaS53aGl0dGllcmRhaWx5bmV3cy5jb22CJm1vYmlsZS1kYXNoYm9hcmQuZGln
aXRhbGZpcnN0bWVkaWEuY29tghZ0aGVrbm93LmRlbnZlcnBvc3QuY29tghh3d3cu
YmF5YXJlYW5ld3Nncm91cC5jb22CE3d3dy50aGVjYW5uYWJpc3QuY2+CFnlvdXJo
dWIuZGVudmVycG9zdC5jb20wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MB8GA1UdIwQYMBaAFKkrh+HOJEc7G7/PhTcCVZ0NlFjmMB0GA1UdDgQWBBTScpZU
ClErm1+OxFmhlD1Dwlm9LDATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEAe8ZKGG1anbl3hMvtK5wegtjdBT+HcYPEnEj7b/ygLU/BYBVhQ4aq
kZ6vBo5YvBpgutNQlTKZaBvJ3mHAGQi2WUCFrPe1lFB4Wy5nB++qleZAxCaasaSx
IExUgFUhFw9OmDVgUaWdD/yUZ+wwRndpRoO7RB14HF5z4ryLVHEHiw63IHyUsjrH
/EeO6pmBQ9Q4KmxRch9+qs6mclZsMGLo1z/3NTeVvjkvztESN8ogGB9gAEQyqTuA
95GLhYkRChLWnY7pF5o1D/hWThc+gsLck1QUrMeVfoipgAukr5t/bLfu541GHRWK
QUN3SVjE6GVXMc2UvOXlPdgojlXJDt97og==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoseGOsA+AO3okCkOVKK3
B7FEtARSUlNZmETocf+H9tfqwtMet7n+mdnoiXMPSDXzLCxdvwsCGqwyqwvKNxDO
zJcuii5HJTU7MY7CXc7Jm6Nd+OSgQg7sU78JrEime3YTFkQnTMj4Ou0FLY1kYI/3
RUri+hfUkwLSBZuwJ9320ymoQYRYbvydzb/MROUT7gsOG7cuAq3goqIkPYukLQeR
I0fmc0K9tR0Nwu+boAuUuXH8Wu5S+n9w0nPOTDL0wOOvo7d36hSixt24x/NpOdqo
VrULdsG6N7474SmglY6zeoAgnGrPsWVCYoG3/5gu9BE3pHVfdF+M0bYFX1Hm1k1y
TQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 22643071093708567170842010737
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign CloudSSL CA - SHA256 - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-01-13 17:00:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-20 18:46:45 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'San Francisco'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Fastly, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'dfm2.map.fastly.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20548994520593837425071739350284976953269409229361971320442771941746798114265935233374994074414243156609873454131252949446981093446546868826307898492409214446240085490252482506592068539622062529227468696029673464303277172542893271293047563170845093454208992840499681707483791899192925790621918577165170124481740516243229220816487526065900320649868109025859749949439620060561656619101794816977368411275945250889946125679589414486397413125172397334390063052753074291143861177658467687597984638242396042811665033751441808172270243244651837197387892356571899589340651006101438279726877869976910968326560845296910293889613
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/cloudsslsha2g3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/cloudsslsha2g3'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1474 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dfm2.map.fastly.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blogs.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blogs.mercurynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crime.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'elections.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'extras.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.bostonherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.chicoer.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailybreeze.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailybulletin.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailycamera.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailydemocrat.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailyfreeman.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailylocal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.dailytribune.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.delcotimes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.eastbaytimes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.lowellsun.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.macombdaily.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.marinij.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.mercurynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.montereyherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.morningjournal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.news-herald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.ocregister.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.oneidadispatch.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.orovillemr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.pasadenastarnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.pe.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.pottsmerc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.presstelegram.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.readingeagle.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.record-bee.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.redbluffdailynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.redlandsdailyfacts.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.reporterherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.santacruzsentinel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.saratogian.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.sbsun.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.sentinelandenterprise.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.sgvtribune.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.themorningsun.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.theoaklandpress.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.thereporter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.thereporteronline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.times-standard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.timescall.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.timesherald.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.timesheraldonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.trentonian.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.troyrecord.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.twincities.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.ukiahdailyjournal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mngli.whittierdailynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobile-dashboard.digitalfirstmedia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theknow.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bayareanewsgroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.thecannabist.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'yourhub.denverpost.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a92b87e1ce24473b1bbfcf853702559d0d9458e6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d27296540a512b9b5f8ec459a1943d43c259bd2c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007bc64a186d5a9db97784cbed2b9c1e82d8dd053f877183c49c48fb6ffca02d4fc16015614386aa919eaf068e58bc1a60bad350953299681bc9de61c01908b6594085acf7b59450785b2e6707efaa95e640c4269ab1a4b1204c54805521170f4e98356051a59d0ffc9467ec304677694683bb441d781c5e73e2bc8b5471078b0eb7207c94b23ac7fc478eea998143d4382a6c51721f7eaacea672566c3062e8d73ff7353795be392fced11237ca20181f60004432a93b80f7918b8589110a12d69d8ee9179a350ff8564e173e82c2dc935414acc7957e88a9800ba4af9b7f6cb7eee78d461d158a4143774958c4e8655731cd94bce5e53dd8288e55c90edf7ba2