| This is a real-world certificate (in fact the same as cert_version3.pem) |
| |
| |
| $ openssl asn1parse -i < [TBS CERTIFICATE] |
| 0:d=0 hl=4 l=1087 cons: SEQUENCE |
| 4:d=1 hl=2 l= 3 cons: cont [ 0 ] |
| 6:d=2 hl=2 l= 1 prim: INTEGER :02 |
| 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076 |
| 18:d=1 hl=2 l= 13 cons: SEQUENCE |
| 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
| 31:d=2 hl=2 l= 0 prim: NULL |
| 33:d=1 hl=3 l= 202 cons: SEQUENCE |
| 36:d=2 hl=2 l= 11 cons: SET |
| 38:d=3 hl=2 l= 9 cons: SEQUENCE |
| 40:d=4 hl=2 l= 3 prim: OBJECT :countryName |
| 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US |
| 49:d=2 hl=2 l= 16 cons: SET |
| 51:d=3 hl=2 l= 14 cons: SEQUENCE |
| 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName |
| 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona |
| 67:d=2 hl=2 l= 19 cons: SET |
| 69:d=3 hl=2 l= 17 cons: SEQUENCE |
| 71:d=4 hl=2 l= 3 prim: OBJECT :localityName |
| 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale |
| 88:d=2 hl=2 l= 26 cons: SET |
| 90:d=3 hl=2 l= 24 cons: SEQUENCE |
| 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName |
| 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. |
| 116:d=2 hl=2 l= 51 cons: SET |
| 118:d=3 hl=2 l= 49 cons: SEQUENCE |
| 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName |
| 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository |
| 169:d=2 hl=2 l= 48 cons: SET |
| 171:d=3 hl=2 l= 46 cons: SEQUENCE |
| 173:d=4 hl=2 l= 3 prim: OBJECT :commonName |
| 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority |
| 219:d=2 hl=2 l= 17 cons: SET |
| 221:d=3 hl=2 l= 15 cons: SEQUENCE |
| 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber |
| 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287 |
| 238:d=1 hl=2 l= 30 cons: SEQUENCE |
| 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z |
| 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z |
| 270:d=1 hl=2 l= 79 cons: SEQUENCE |
| 272:d=2 hl=2 l= 20 cons: SET |
| 274:d=3 hl=2 l= 18 cons: SEQUENCE |
| 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName |
| 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net |
| 294:d=2 hl=2 l= 33 cons: SET |
| 296:d=3 hl=2 l= 31 cons: SEQUENCE |
| 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName |
| 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated |
| 329:d=2 hl=2 l= 20 cons: SET |
| 331:d=3 hl=2 l= 18 cons: SEQUENCE |
| 333:d=4 hl=2 l= 3 prim: OBJECT :commonName |
| 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net |
| 351:d=1 hl=4 l= 290 cons: SEQUENCE |
| 355:d=2 hl=2 l= 13 cons: SEQUENCE |
| 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption |
| 368:d=3 hl=2 l= 0 prim: NULL |
| 370:d=2 hl=4 l= 271 prim: BIT STRING |
| 645:d=1 hl=4 l= 442 cons: cont [ 3 ] |
| 649:d=2 hl=4 l= 438 cons: SEQUENCE |
| 653:d=3 hl=2 l= 15 cons: SEQUENCE |
| 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints |
| 660:d=4 hl=2 l= 1 prim: BOOLEAN :255 |
| 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 |
| 670:d=3 hl=2 l= 29 cons: SEQUENCE |
| 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage |
| 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 |
| 701:d=3 hl=2 l= 14 cons: SEQUENCE |
| 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage |
| 708:d=4 hl=2 l= 1 prim: BOOLEAN :255 |
| 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 |
| 717:d=3 hl=2 l= 51 cons: SEQUENCE |
| 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points |
| 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C |
| 770:d=3 hl=2 l= 83 cons: SEQUENCE |
| 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies |
| 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F |
| 855:d=3 hl=3 l= 128 cons: SEQUENCE |
| 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access |
| 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 |
| 986:d=3 hl=2 l= 31 cons: SEQUENCE |
| 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier |
| 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 |
| 1019:d=3 hl=2 l= 39 cons: SEQUENCE |
| 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name |
| 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 |
| 1060:d=3 hl=2 l= 29 cons: SEQUENCE |
| 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier |
| 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 |
| -----BEGIN TBS CERTIFICATE----- |
| MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U |
| ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE |
| luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye |
| TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD |
| VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo |
| TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA |
| MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL |
| J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b |
| bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7 |
| ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr |
| LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S |
| rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV |
| HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA |
| moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk |
| gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL |
| 3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv |
| ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9 |
| yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr |
| rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF |
| gQUox4asank9VC8PgXhdM8B0J414Bc= |
| -----END TBS CERTIFICATE----- |
| |
| -----BEGIN SERIAL NUMBER----- |
| K2OkKnBQdg== |
| -----END SERIAL NUMBER----- |
| |
| $ openssl asn1parse -i < [SIGNATURE ALGORITHM] |
| 0:d=0 hl=2 l= 13 cons: SEQUENCE |
| 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
| 13:d=1 hl=2 l= 0 prim: NULL |
| -----BEGIN SIGNATURE ALGORITHM----- |
| MA0GCSqGSIb3DQEBBQUA |
| -----END SIGNATURE ALGORITHM----- |
| |
| $ openssl asn1parse -i < [ISSUER] |
| 0:d=0 hl=3 l= 202 cons: SEQUENCE |
| 3:d=1 hl=2 l= 11 cons: SET |
| 5:d=2 hl=2 l= 9 cons: SEQUENCE |
| 7:d=3 hl=2 l= 3 prim: OBJECT :countryName |
| 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US |
| 16:d=1 hl=2 l= 16 cons: SET |
| 18:d=2 hl=2 l= 14 cons: SEQUENCE |
| 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName |
| 25:d=3 hl=2 l= 7 prim: PRINTABLESTRING :Arizona |
| 34:d=1 hl=2 l= 19 cons: SET |
| 36:d=2 hl=2 l= 17 cons: SEQUENCE |
| 38:d=3 hl=2 l= 3 prim: OBJECT :localityName |
| 43:d=3 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale |
| 55:d=1 hl=2 l= 26 cons: SET |
| 57:d=2 hl=2 l= 24 cons: SEQUENCE |
| 59:d=3 hl=2 l= 3 prim: OBJECT :organizationName |
| 64:d=3 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. |
| 83:d=1 hl=2 l= 51 cons: SET |
| 85:d=2 hl=2 l= 49 cons: SEQUENCE |
| 87:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName |
| 92:d=3 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository |
| 136:d=1 hl=2 l= 48 cons: SET |
| 138:d=2 hl=2 l= 46 cons: SEQUENCE |
| 140:d=3 hl=2 l= 3 prim: OBJECT :commonName |
| 145:d=3 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority |
| 186:d=1 hl=2 l= 17 cons: SET |
| 188:d=2 hl=2 l= 15 cons: SEQUENCE |
| 190:d=3 hl=2 l= 3 prim: OBJECT :serialNumber |
| 195:d=3 hl=2 l= 8 prim: PRINTABLESTRING :07969287 |
| -----BEGIN ISSUER----- |
| MIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTE |
| aMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZX |
| MuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZ |
| mljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4Nw== |
| -----END ISSUER----- |
| |
| VALIDITY NOTBEFORE: year=2012, month=4, day=19, hours=13, minutes=53, seconds=24 |
| -----BEGIN VALIDITY NOTBEFORE----- |
| eWVhcj0yMDEyLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR |
| zPTI0 |
| -----END VALIDITY NOTBEFORE----- |
| |
| VALIDITY NOTAFTER: year=2013, month=4, day=19, hours=13, minutes=53, seconds=24 |
| -----BEGIN VALIDITY NOTAFTER----- |
| eWVhcj0yMDEzLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR |
| zPTI0 |
| -----END VALIDITY NOTAFTER----- |
| |
| $ openssl asn1parse -i < [SUBJECT] |
| 0:d=0 hl=2 l= 79 cons: SEQUENCE |
| 2:d=1 hl=2 l= 20 cons: SET |
| 4:d=2 hl=2 l= 18 cons: SEQUENCE |
| 6:d=3 hl=2 l= 3 prim: OBJECT :organizationName |
| 11:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net |
| 24:d=1 hl=2 l= 33 cons: SET |
| 26:d=2 hl=2 l= 31 cons: SEQUENCE |
| 28:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName |
| 33:d=3 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated |
| 59:d=1 hl=2 l= 20 cons: SET |
| 61:d=2 hl=2 l= 18 cons: SEQUENCE |
| 63:d=3 hl=2 l= 3 prim: OBJECT :commonName |
| 68:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net |
| -----BEGIN SUBJECT----- |
| ME8xFDASBgNVBAoTC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF |
| 0ZWQxFDASBgNVBAMTC2t0aHVsaHUubmV0 |
| -----END SUBJECT----- |
| |
| $ openssl asn1parse -i < [SPKI] |
| 0:d=0 hl=4 l= 290 cons: SEQUENCE |
| 4:d=1 hl=2 l= 13 cons: SEQUENCE |
| 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption |
| 17:d=2 hl=2 l= 0 prim: NULL |
| 19:d=1 hl=4 l= 271 prim: BIT STRING |
| -----BEGIN SPKI----- |
| MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNLJ7RCgAYmH4vG87FFPF |
| m5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1bbP3Z4+Ra3ENv7cpwQb |
| QjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7ss/zwTVspYnxvU7oDc |
| qOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvrLAYt/etAxrmHcMUVJb |
| W+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4SrPYLxXytqrU1yLi32x |
| gWwHu1A7fIQIDAQAB |
| -----END SPKI----- |
| |
| $ openssl asn1parse -i < [EXTENSIONS] |
| 0:d=0 hl=4 l= 438 cons: SEQUENCE |
| 4:d=1 hl=2 l= 15 cons: SEQUENCE |
| 6:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints |
| 11:d=2 hl=2 l= 1 prim: BOOLEAN :255 |
| 14:d=2 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 |
| 21:d=1 hl=2 l= 29 cons: SEQUENCE |
| 23:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage |
| 28:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 |
| 52:d=1 hl=2 l= 14 cons: SEQUENCE |
| 54:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage |
| 59:d=2 hl=2 l= 1 prim: BOOLEAN :255 |
| 62:d=2 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 |
| 68:d=1 hl=2 l= 51 cons: SEQUENCE |
| 70:d=2 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points |
| 75:d=2 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C |
| 121:d=1 hl=2 l= 83 cons: SEQUENCE |
| 123:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies |
| 128:d=2 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F |
| 206:d=1 hl=3 l= 128 cons: SEQUENCE |
| 209:d=2 hl=2 l= 8 prim: OBJECT :Authority Information Access |
| 219:d=2 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 |
| 337:d=1 hl=2 l= 31 cons: SEQUENCE |
| 339:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier |
| 344:d=2 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 |
| 370:d=1 hl=2 l= 39 cons: SEQUENCE |
| 372:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name |
| 377:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 |
| 411:d=1 hl=2 l= 29 cons: SEQUENCE |
| 413:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier |
| 418:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 |
| -----BEGIN EXTENSIONS----- |
| MIIBtjAPBgNVHRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgN |
| VHQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZH |
| MxLTY4LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6L |
| y9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAk |
| BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8 |
| vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydD |
| AfBgNVHSMEGDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAnBgNVHREEIDAeggtrdGh1bGh1Lm5ld |
| IIPd3d3Lmt0aHVsaHUubmV0MB0GA1UdDgQWBBSjHhqxqeT1ULw+BeF0zwHQnjXgFw== |
| -----END EXTENSIONS----- |