1This is a real-world certificate (in fact the same as cert_version3.pem) 2 3 4$ openssl asn1parse -i < [TBS CERTIFICATE] 5 0:d=0 hl=4 l=1087 cons: SEQUENCE 6 4:d=1 hl=2 l= 3 cons: cont [ 0 ] 7 6:d=2 hl=2 l= 1 prim: INTEGER :02 8 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076 9 18:d=1 hl=2 l= 13 cons: SEQUENCE 10 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 11 31:d=2 hl=2 l= 0 prim: NULL 12 33:d=1 hl=3 l= 202 cons: SEQUENCE 13 36:d=2 hl=2 l= 11 cons: SET 14 38:d=3 hl=2 l= 9 cons: SEQUENCE 15 40:d=4 hl=2 l= 3 prim: OBJECT :countryName 16 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US 17 49:d=2 hl=2 l= 16 cons: SET 18 51:d=3 hl=2 l= 14 cons: SEQUENCE 19 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 20 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona 21 67:d=2 hl=2 l= 19 cons: SET 22 69:d=3 hl=2 l= 17 cons: SEQUENCE 23 71:d=4 hl=2 l= 3 prim: OBJECT :localityName 24 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale 25 88:d=2 hl=2 l= 26 cons: SET 26 90:d=3 hl=2 l= 24 cons: SEQUENCE 27 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName 28 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. 29 116:d=2 hl=2 l= 51 cons: SET 30 118:d=3 hl=2 l= 49 cons: SEQUENCE 31 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName 32 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository 33 169:d=2 hl=2 l= 48 cons: SET 34 171:d=3 hl=2 l= 46 cons: SEQUENCE 35 173:d=4 hl=2 l= 3 prim: OBJECT :commonName 36 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority 37 219:d=2 hl=2 l= 17 cons: SET 38 221:d=3 hl=2 l= 15 cons: SEQUENCE 39 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber 40 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287 41 238:d=1 hl=2 l= 30 cons: SEQUENCE 42 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z 43 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z 44 270:d=1 hl=2 l= 79 cons: SEQUENCE 45 272:d=2 hl=2 l= 20 cons: SET 46 274:d=3 hl=2 l= 18 cons: SEQUENCE 47 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName 48 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 49 294:d=2 hl=2 l= 33 cons: SET 50 296:d=3 hl=2 l= 31 cons: SEQUENCE 51 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName 52 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated 53 329:d=2 hl=2 l= 20 cons: SET 54 331:d=3 hl=2 l= 18 cons: SEQUENCE 55 333:d=4 hl=2 l= 3 prim: OBJECT :commonName 56 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 57 351:d=1 hl=4 l= 290 cons: SEQUENCE 58 355:d=2 hl=2 l= 13 cons: SEQUENCE 59 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption 60 368:d=3 hl=2 l= 0 prim: NULL 61 370:d=2 hl=4 l= 271 prim: BIT STRING 62 645:d=1 hl=4 l= 442 cons: cont [ 3 ] 63 649:d=2 hl=4 l= 438 cons: SEQUENCE 64 653:d=3 hl=2 l= 15 cons: SEQUENCE 65 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 66 660:d=4 hl=2 l= 1 prim: BOOLEAN :255 67 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 68 670:d=3 hl=2 l= 29 cons: SEQUENCE 69 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 70 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 71 701:d=3 hl=2 l= 14 cons: SEQUENCE 72 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 73 708:d=4 hl=2 l= 1 prim: BOOLEAN :255 74 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 75 717:d=3 hl=2 l= 51 cons: SEQUENCE 76 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 77 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C 78 770:d=3 hl=2 l= 83 cons: SEQUENCE 79 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies 80 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F 81 855:d=3 hl=3 l= 128 cons: SEQUENCE 82 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access 83 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 84 986:d=3 hl=2 l= 31 cons: SEQUENCE 85 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 86 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 87 1019:d=3 hl=2 l= 39 cons: SEQUENCE 88 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 89 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 90 1060:d=3 hl=2 l= 29 cons: SEQUENCE 91 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 92 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 93-----BEGIN TBS CERTIFICATE----- 94MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U 95ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE 96luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye 97TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD 98VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo 99TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA 100MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL 101J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b 102bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7 103ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr 104LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S 105rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV 106HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA 107moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk 108gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL 1093JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv 110ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9 111yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr 112rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF 113gQUox4asank9VC8PgXhdM8B0J414Bc= 114-----END TBS CERTIFICATE----- 115 116-----BEGIN SERIAL NUMBER----- 117K2OkKnBQdg== 118-----END SERIAL NUMBER----- 119 120$ openssl asn1parse -i < [SIGNATURE ALGORITHM] 121 0:d=0 hl=2 l= 13 cons: SEQUENCE 122 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 123 13:d=1 hl=2 l= 0 prim: NULL 124-----BEGIN SIGNATURE ALGORITHM----- 125MA0GCSqGSIb3DQEBBQUA 126-----END SIGNATURE ALGORITHM----- 127 128$ openssl asn1parse -i < [ISSUER] 129 0:d=0 hl=3 l= 202 cons: SEQUENCE 130 3:d=1 hl=2 l= 11 cons: SET 131 5:d=2 hl=2 l= 9 cons: SEQUENCE 132 7:d=3 hl=2 l= 3 prim: OBJECT :countryName 133 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US 134 16:d=1 hl=2 l= 16 cons: SET 135 18:d=2 hl=2 l= 14 cons: SEQUENCE 136 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 137 25:d=3 hl=2 l= 7 prim: PRINTABLESTRING :Arizona 138 34:d=1 hl=2 l= 19 cons: SET 139 36:d=2 hl=2 l= 17 cons: SEQUENCE 140 38:d=3 hl=2 l= 3 prim: OBJECT :localityName 141 43:d=3 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale 142 55:d=1 hl=2 l= 26 cons: SET 143 57:d=2 hl=2 l= 24 cons: SEQUENCE 144 59:d=3 hl=2 l= 3 prim: OBJECT :organizationName 145 64:d=3 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. 146 83:d=1 hl=2 l= 51 cons: SET 147 85:d=2 hl=2 l= 49 cons: SEQUENCE 148 87:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName 149 92:d=3 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository 150 136:d=1 hl=2 l= 48 cons: SET 151 138:d=2 hl=2 l= 46 cons: SEQUENCE 152 140:d=3 hl=2 l= 3 prim: OBJECT :commonName 153 145:d=3 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority 154 186:d=1 hl=2 l= 17 cons: SET 155 188:d=2 hl=2 l= 15 cons: SEQUENCE 156 190:d=3 hl=2 l= 3 prim: OBJECT :serialNumber 157 195:d=3 hl=2 l= 8 prim: PRINTABLESTRING :07969287 158-----BEGIN ISSUER----- 159MIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTE 160aMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZX 161MuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZ 162mljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4Nw== 163-----END ISSUER----- 164 165VALIDITY NOTBEFORE: year=2012, month=4, day=19, hours=13, minutes=53, seconds=24 166-----BEGIN VALIDITY NOTBEFORE----- 167eWVhcj0yMDEyLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR 168zPTI0 169-----END VALIDITY NOTBEFORE----- 170 171VALIDITY NOTAFTER: year=2013, month=4, day=19, hours=13, minutes=53, seconds=24 172-----BEGIN VALIDITY NOTAFTER----- 173eWVhcj0yMDEzLCBtb250aD00LCBkYXk9MTksIGhvdXJzPTEzLCBtaW51dGVzPTUzLCBzZWNvbmR 174zPTI0 175-----END VALIDITY NOTAFTER----- 176 177$ openssl asn1parse -i < [SUBJECT] 178 0:d=0 hl=2 l= 79 cons: SEQUENCE 179 2:d=1 hl=2 l= 20 cons: SET 180 4:d=2 hl=2 l= 18 cons: SEQUENCE 181 6:d=3 hl=2 l= 3 prim: OBJECT :organizationName 182 11:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 183 24:d=1 hl=2 l= 33 cons: SET 184 26:d=2 hl=2 l= 31 cons: SEQUENCE 185 28:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName 186 33:d=3 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated 187 59:d=1 hl=2 l= 20 cons: SET 188 61:d=2 hl=2 l= 18 cons: SEQUENCE 189 63:d=3 hl=2 l= 3 prim: OBJECT :commonName 190 68:d=3 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 191-----BEGIN SUBJECT----- 192ME8xFDASBgNVBAoTC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF 1930ZWQxFDASBgNVBAMTC2t0aHVsaHUubmV0 194-----END SUBJECT----- 195 196$ openssl asn1parse -i < [SPKI] 197 0:d=0 hl=4 l= 290 cons: SEQUENCE 198 4:d=1 hl=2 l= 13 cons: SEQUENCE 199 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 200 17:d=2 hl=2 l= 0 prim: NULL 201 19:d=1 hl=4 l= 271 prim: BIT STRING 202-----BEGIN SPKI----- 203MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNLJ7RCgAYmH4vG87FFPF 204m5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1bbP3Z4+Ra3ENv7cpwQb 205QjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7ss/zwTVspYnxvU7oDc 206qOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvrLAYt/etAxrmHcMUVJb 207W+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4SrPYLxXytqrU1yLi32x 208gWwHu1A7fIQIDAQAB 209-----END SPKI----- 210 211$ openssl asn1parse -i < [EXTENSIONS] 212 0:d=0 hl=4 l= 438 cons: SEQUENCE 213 4:d=1 hl=2 l= 15 cons: SEQUENCE 214 6:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 215 11:d=2 hl=2 l= 1 prim: BOOLEAN :255 216 14:d=2 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 217 21:d=1 hl=2 l= 29 cons: SEQUENCE 218 23:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 219 28:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 220 52:d=1 hl=2 l= 14 cons: SEQUENCE 221 54:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 222 59:d=2 hl=2 l= 1 prim: BOOLEAN :255 223 62:d=2 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 224 68:d=1 hl=2 l= 51 cons: SEQUENCE 225 70:d=2 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 226 75:d=2 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C 227 121:d=1 hl=2 l= 83 cons: SEQUENCE 228 123:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies 229 128:d=2 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F 230 206:d=1 hl=3 l= 128 cons: SEQUENCE 231 209:d=2 hl=2 l= 8 prim: OBJECT :Authority Information Access 232 219:d=2 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 233 337:d=1 hl=2 l= 31 cons: SEQUENCE 234 339:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 235 344:d=2 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 236 370:d=1 hl=2 l= 39 cons: SEQUENCE 237 372:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 238 377:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 239 411:d=1 hl=2 l= 29 cons: SEQUENCE 240 413:d=2 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 241 418:d=2 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 242-----BEGIN EXTENSIONS----- 243MIIBtjAPBgNVHRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgN 244VHQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZH 245MxLTY4LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6L 246y9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAk 247BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8 248vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydD 249AfBgNVHSMEGDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAnBgNVHREEIDAeggtrdGh1bGh1Lm5ld 250IIPd3d3Lmt0aHVsaHUubmV0MB0GA1UdDgQWBBSjHhqxqeT1ULw+BeF0zwHQnjXgFw== 251-----END EXTENSIONS----- 252