| blob | 337cccd03006637806c3646c58f335f5da0bd1e9 |
1 This is a real-world certificate (in fact the same as cert_version3.pem)
5 -----BEGIN TBS CERTIFICATE-----
6 MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U
7 ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE
8 luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye
9 TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD
10 VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo
11 TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA
12 MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL
13 J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b
14 bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7
15 ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr
16 LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S
17 rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV
18 HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA
19 moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk
20 gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL
21 3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv
22 ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9
23 yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr
24 rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF
25 gQUox4asank9VC8PgXhdM8B0J414Bc=
26 -----END TBS CERTIFICATE-----
28 $ openssl asn1parse -i < [TBS CERTIFICATE]
29 0:d=0 hl=4 l=1087 cons: SEQUENCE
30 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
31 6:d=2 hl=2 l= 1 prim: INTEGER :02
32 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076
33 18:d=1 hl=2 l= 13 cons: SEQUENCE
34 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
35 31:d=2 hl=2 l= 0 prim: NULL
36 33:d=1 hl=3 l= 202 cons: SEQUENCE
37 36:d=2 hl=2 l= 11 cons: SET
38 38:d=3 hl=2 l= 9 cons: SEQUENCE
39 40:d=4 hl=2 l= 3 prim: OBJECT :countryName
40 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
41 49:d=2 hl=2 l= 16 cons: SET
42 51:d=3 hl=2 l= 14 cons: SEQUENCE
43 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
44 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona
45 67:d=2 hl=2 l= 19 cons: SET
46 69:d=3 hl=2 l= 17 cons: SEQUENCE
47 71:d=4 hl=2 l= 3 prim: OBJECT :localityName
48 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale
49 88:d=2 hl=2 l= 26 cons: SET
50 90:d=3 hl=2 l= 24 cons: SEQUENCE
51 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName
52 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc.
53 116:d=2 hl=2 l= 51 cons: SET
54 118:d=3 hl=2 l= 49 cons: SEQUENCE
55 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
56 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository
57 169:d=2 hl=2 l= 48 cons: SET
58 171:d=3 hl=2 l= 46 cons: SEQUENCE
59 173:d=4 hl=2 l= 3 prim: OBJECT :commonName
60 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority
61 219:d=2 hl=2 l= 17 cons: SET
62 221:d=3 hl=2 l= 15 cons: SEQUENCE
63 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber
64 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287
65 238:d=1 hl=2 l= 30 cons: SEQUENCE
66 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z
67 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z
68 270:d=1 hl=2 l= 79 cons: SEQUENCE
69 272:d=2 hl=2 l= 20 cons: SET
70 274:d=3 hl=2 l= 18 cons: SEQUENCE
71 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName
72 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
73 294:d=2 hl=2 l= 33 cons: SET
74 296:d=3 hl=2 l= 31 cons: SEQUENCE
75 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
76 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated
77 329:d=2 hl=2 l= 20 cons: SET
78 331:d=3 hl=2 l= 18 cons: SEQUENCE
79 333:d=4 hl=2 l= 3 prim: OBJECT :commonName
80 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
81 351:d=1 hl=4 l= 290 cons: SEQUENCE
82 355:d=2 hl=2 l= 13 cons: SEQUENCE
83 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
84 368:d=3 hl=2 l= 0 prim: NULL
85 370:d=2 hl=4 l= 271 prim: BIT STRING
86 645:d=1 hl=4 l= 442 cons: cont [ 3 ]
87 649:d=2 hl=4 l= 438 cons: SEQUENCE
88 653:d=3 hl=2 l= 15 cons: SEQUENCE
89 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
90 660:d=4 hl=2 l= 1 prim: BOOLEAN :255
91 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100
92 670:d=3 hl=2 l= 29 cons: SEQUENCE
93 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
94 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
95 701:d=3 hl=2 l= 14 cons: SEQUENCE
96 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
97 708:d=4 hl=2 l= 1 prim: BOOLEAN :255
98 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
99 717:d=3 hl=2 l= 51 cons: SEQUENCE
100 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
101 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C
102 770:d=3 hl=2 l= 83 cons: SEQUENCE
103 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
104 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F
105 855:d=3 hl=3 l= 128 cons: SEQUENCE
106 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access
107 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274
108 986:d=3 hl=2 l= 31 cons: SEQUENCE
109 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
110 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7
111 1019:d=3 hl=2 l= 39 cons: SEQUENCE
112 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
113 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574
114 1060:d=3 hl=2 l= 29 cons: SEQUENCE
115 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
116 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017
120 -----BEGIN SERIAL NUMBER-----
121 K2OkKnBQdg==
122 -----END SERIAL NUMBER-----
126 -----BEGIN SIGNATURE ALGORITHM-----
127 MA0GCSqGSIb3DQEBBQUA
128 -----END SIGNATURE ALGORITHM-----
130 $ openssl asn1parse -i < [SIGNATURE ALGORITHM]
131 0:d=0 hl=2 l= 13 cons: SEQUENCE
132 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
133 13:d=1 hl=2 l= 0 prim: NULL
137 -----BEGIN ISSUER-----
138 MIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTE
139 aMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZX
140 MuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZ
141 mljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4Nw==
142 -----END ISSUER-----
144 $ openssl asn1parse -i < [ISSUER]
145 0:d=0 hl=3 l= 202 cons: SEQUENCE
146 3:d=1 hl=2 l= 11 cons: SET
147 5:d=2 hl=2 l= 9 cons: SEQUENCE
148 7:d=3 hl=2 l= 3 prim: OBJECT :countryName
149 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US
150 16:d=1 hl=2 l= 16 cons: SET
151 18:d=2 hl=2 l= 14 cons: SEQUENCE
152 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
153 25:d=3 hl=2 l= 7 prim: PRINTABLESTRING :Arizona
154 34:d=1 hl=2 l= 19 cons: SET
155 36:d=2 hl=2 l= 17 cons: SEQUENCE
156 38:d=3 hl=2 l= 3 prim: OBJECT :localityName
157 43:d=3 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale
158 55:d=1 hl=2 l= 26 cons: SET
159 57:d=2 hl=2 l= 24 cons: SEQUENCE
160 59:d=3 hl=2 l= 3 prim: OBJECT :organizationName
161 64:d=3 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc.
162 83:d=1 hl=2 l= 51 cons: SET
163 85:d=2 hl=2 l= 49 cons: SEQUENCE
164 87:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName
165 92:d=3 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository
166 136:d=1 hl=2 l= 48 cons: SET
167 138:d=2 hl=2 l= 46 cons: SEQUENCE
168 140:d=3 hl=2 l= 3 prim: OBJECT :commonName
169 145:d=3 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority
170 186:d=1 hl=2 l= 17 cons: SET
171 188:d=2 hl=2 l= 15 cons: SEQUENCE
172 190:d=3 hl=2 l= 3 prim: OBJECT :serialNumber
173 195:d=3 hl=2 l= 8 prim: PRINTABLESTRING :07969287
177 -----BEGIN VALIDITY NOTBEFORE-----
178 eWVhcj0yMDEyLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR
179 zPTI0
180 -----END VALIDITY NOTBEFORE-----
182 VALIDITY NOTBEFORE: year=2012, month=4, day=19, hours=13, minutes=53, seconds=24
186 -----BEGIN VALIDITY NOTAFTER-----
187 eWVhcj0yMDEzLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR
188 zPTI0
189 -----END VALIDITY NOTAFTER-----
191 VALIDITY NOTAFTER: year=2013, month=4, day=19, hours=13, minutes=53, seconds=24
195 -----BEGIN SUBJECT-----
196 ME8xFDASBgNVBAoTC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF
197 0ZWQxFDASBgNVBAMTC2t0aHVsaHUubmV0
198 -----END SUBJECT-----
200 $ openssl asn1parse -i < [SUBJECT]
201 0:d=0 hl=2 l= 79 cons: SEQUENCE
202 2:d=1 hl=2 l= 20 cons: SET
203 4:d=2 hl=2 l= 18 cons: SEQUENCE
204 6:d=3 hl=2 l= 3 prim: OBJECT :organizationName
205 11:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
206 24:d=1 hl=2 l= 33 cons: SET
207 26:d=2 hl=2 l= 31 cons: SEQUENCE
208 28:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName
209 33:d=3 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated
210 59:d=1 hl=2 l= 20 cons: SET
211 61:d=2 hl=2 l= 18 cons: SEQUENCE
212 63:d=3 hl=2 l= 3 prim: OBJECT :commonName
213 68:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net
217 -----BEGIN SPKI-----
218 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNLJ7RCgAYmH4vG87FFPF
219 m5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1bbP3Z4+Ra3ENv7cpwQb
220 QjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7ss/zwTVspYnxvU7oDc
221 qOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvrLAYt/etAxrmHcMUVJb
222 W+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4SrPYLxXytqrU1yLi32x
223 gWwHu1A7fIQIDAQAB
224 -----END SPKI-----
226 $ openssl asn1parse -i < [SPKI]
227 0:d=0 hl=4 l= 290 cons: SEQUENCE
228 4:d=1 hl=2 l= 13 cons: SEQUENCE
229 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
230 17:d=2 hl=2 l= 0 prim: NULL
231 19:d=1 hl=4 l= 271 prim: BIT STRING
235 -----BEGIN EXTENSIONS-----
236 MIIBtjAPBgNVHRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgN
237 VHQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZH
238 MxLTY4LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6L
239 y9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAk
240 BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8
241 vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydD
242 AfBgNVHSMEGDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAnBgNVHREEIDAeggtrdGh1bGh1Lm5ld
243 IIPd3d3Lmt0aHVsaHUubmV0MB0GA1UdDgQWBBSjHhqxqeT1ULw+BeF0zwHQnjXgFw==
244 -----END EXTENSIONS-----
246 $ openssl asn1parse -i < [EXTENSIONS]
247 0:d=0 hl=4 l= 438 cons: SEQUENCE
248 4:d=1 hl=2 l= 15 cons: SEQUENCE
249 6:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
250 11:d=2 hl=2 l= 1 prim: BOOLEAN :255
251 14:d=2 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100
252 21:d=1 hl=2 l= 29 cons: SEQUENCE
253 23:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
254 28:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
255 52:d=1 hl=2 l= 14 cons: SEQUENCE
256 54:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
257 59:d=2 hl=2 l= 1 prim: BOOLEAN :255
258 62:d=2 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
259 68:d=1 hl=2 l= 51 cons: SEQUENCE
260 70:d=2 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
261 75:d=2 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C
262 121:d=1 hl=2 l= 83 cons: SEQUENCE
263 123:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
264 128:d=2 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F
265 206:d=1 hl=3 l= 128 cons: SEQUENCE
266 209:d=2 hl=2 l= 8 prim: OBJECT :Authority Information Access
267 219:d=2 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274
268 337:d=1 hl=2 l= 31 cons: SEQUENCE
269 339:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
270 344:d=2 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7
271 370:d=1 hl=2 l= 39 cons: SEQUENCE
272 372:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
273 377:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574
274 411:d=1 hl=2 l= 29 cons: SEQUENCE
275 413:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
276 418:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017