This is a valid real-world certificate. $ openssl asn1parse -i < [CERTIFICATE] 0:d=0 hl=4 l=1367 cons: SEQUENCE 4:d=1 hl=4 l=1087 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 7 prim: INTEGER :2B63A42A705076 22:d=2 hl=2 l= 13 cons: SEQUENCE 24:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 35:d=3 hl=2 l= 0 prim: NULL 37:d=2 hl=3 l= 202 cons: SEQUENCE 40:d=3 hl=2 l= 11 cons: SET 42:d=4 hl=2 l= 9 cons: SEQUENCE 44:d=5 hl=2 l= 3 prim: OBJECT :countryName 49:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 53:d=3 hl=2 l= 16 cons: SET 55:d=4 hl=2 l= 14 cons: SEQUENCE 57:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 62:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Arizona 71:d=3 hl=2 l= 19 cons: SET 73:d=4 hl=2 l= 17 cons: SEQUENCE 75:d=5 hl=2 l= 3 prim: OBJECT :localityName 80:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale 92:d=3 hl=2 l= 26 cons: SET 94:d=4 hl=2 l= 24 cons: SEQUENCE 96:d=5 hl=2 l= 3 prim: OBJECT :organizationName 101:d=5 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. 120:d=3 hl=2 l= 51 cons: SET 122:d=4 hl=2 l= 49 cons: SEQUENCE 124:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 129:d=5 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository 173:d=3 hl=2 l= 48 cons: SET 175:d=4 hl=2 l= 46 cons: SEQUENCE 177:d=5 hl=2 l= 3 prim: OBJECT :commonName 182:d=5 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority 223:d=3 hl=2 l= 17 cons: SET 225:d=4 hl=2 l= 15 cons: SEQUENCE 227:d=5 hl=2 l= 3 prim: OBJECT :serialNumber 232:d=5 hl=2 l= 8 prim: PRINTABLESTRING :07969287 242:d=2 hl=2 l= 30 cons: SEQUENCE 244:d=3 hl=2 l= 13 prim: UTCTIME :120419135324Z 259:d=3 hl=2 l= 13 prim: UTCTIME :130419135324Z 274:d=2 hl=2 l= 79 cons: SEQUENCE 276:d=3 hl=2 l= 20 cons: SET 278:d=4 hl=2 l= 18 cons: SEQUENCE 280:d=5 hl=2 l= 3 prim: OBJECT :organizationName 285:d=5 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 298:d=3 hl=2 l= 33 cons: SET 300:d=4 hl=2 l= 31 cons: SEQUENCE 302:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 307:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated 333:d=3 hl=2 l= 20 cons: SET 335:d=4 hl=2 l= 18 cons: SEQUENCE 337:d=5 hl=2 l= 3 prim: OBJECT :commonName 342:d=5 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 355:d=2 hl=4 l= 290 cons: SEQUENCE 359:d=3 hl=2 l= 13 cons: SEQUENCE 361:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 372:d=4 hl=2 l= 0 prim: NULL 374:d=3 hl=4 l= 271 prim: BIT STRING 649:d=2 hl=4 l= 442 cons: cont [ 3 ] 653:d=3 hl=4 l= 438 cons: SEQUENCE 657:d=4 hl=2 l= 15 cons: SEQUENCE 659:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 664:d=5 hl=2 l= 1 prim: BOOLEAN :255 667:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 674:d=4 hl=2 l= 29 cons: SEQUENCE 676:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 681:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 705:d=4 hl=2 l= 14 cons: SEQUENCE 707:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 712:d=5 hl=2 l= 1 prim: BOOLEAN :255 715:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 721:d=4 hl=2 l= 51 cons: SEQUENCE 723:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 728:d=5 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C 774:d=4 hl=2 l= 83 cons: SEQUENCE 776:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies 781:d=5 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F 859:d=4 hl=3 l= 128 cons: SEQUENCE 862:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access 872:d=5 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 990:d=4 hl=2 l= 31 cons: SEQUENCE 992:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 997:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 1023:d=4 hl=2 l= 39 cons: SEQUENCE 1025:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 1030:d=5 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 1064:d=4 hl=2 l= 29 cons: SEQUENCE 1066:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 1071:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 1095:d=1 hl=2 l= 13 cons: SEQUENCE 1097:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 1108:d=2 hl=2 l= 0 prim: NULL 1110:d=1 hl=4 l= 257 prim: BIT STRING -----BEGIN CERTIFICATE----- MIIFVzCCBD+gAwIBAgIHK2OkKnBQdjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDA OBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY2 9tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9za XRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTER MA8GA1UEBRMIMDc5NjkyODcwHhcNMTIwNDE5MTM1MzI0WhcNMTMwNDE5MTM1MzI0WjBPMRQwEgY DVQQKEwtrdGh1bGh1Lm5ldDEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEg YDVQQDEwtrdGh1bGh1Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK80JLhGb +cZDSye0QoAGJh+LxvOxRTxZuSfvTm3pzQBapvFeQuCM15tfrO66NLJ3Szsgx+SDTQLSpLqqe5K rm5dW2z92ePkWtxDb+3KcEG0I6Gmo0SghkVC7P4xTAgAEoov/t45JLnzYpru3AXw1zkkEdmEGS+ M4Q1u7LP88E1bKWJ8b1O6A3KjiMAphcEPxb2EwMRdbqMygbCXy/OeL9DCiOxhMsp+lvI2e3/HEn PGob6ywGLf3rQMa5h3DFFSW1voMV4sCbB349N0tf0cqR02+IEahM96V+sJfLKrST9C+Zl7kIBEq BAGeEqz2C8V8raq1Nci4t9sYFsB7tQO3yECAwEAAaOCAbowggG2MA8GA1UdEwEB/wQFMAMBAQAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDA qMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtNjguY3JsMFMGA1UdIARMMEowSA YLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5L mNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5 jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u 6FX5q653aZaMznMCcGA1UdEQQgMB6CC2t0aHVsaHUubmV0gg93d3cua3RodWxodS5uZXQwHQYDV R0OBBYEFKMeGrGp5PVQvD4F4XTPAdCeNeAXMA0GCSqGSIb3DQEBBQUAA4IBAQC3hBvUM0guBBJc qsVDNehFGtd+wsbgqEHMDGSMIK5ahg4rgqUevqe98xVb9n3fMF0zCs/3LYA6mbzKQo8i2Xdbbyc rA0Lc+k2LST1+i19rr0idYb6Dl8mzyObf0RQQHZ5wjj+GShOk4SGXuId1hJyEJZoNUjdu3yHyPf +K6UaDtp4B3ECZZPyz19SFsYTsBX7Pm1u0tA6kDpNaNQxOlEEQQ+ogKFeqSJ7d0/3D83WFmIxtH KV7jpWcZcSVDjacjFZIsVTgjQgkgIkkUrAvqsFPFTcUnXogk6qtGxH4C17wXoQO7Tsa+j3McYP1 HZmCxBi7r3fZJEu5k5TpvDU4Kemf -----END CERTIFICATE----- $ openssl asn1parse -i < [TBS CERTIFICATE] 0:d=0 hl=4 l=1087 cons: SEQUENCE 4:d=1 hl=2 l= 3 cons: cont [ 0 ] 6:d=2 hl=2 l= 1 prim: INTEGER :02 9:d=1 hl=2 l= 7 prim: INTEGER :2B63A42A705076 18:d=1 hl=2 l= 13 cons: SEQUENCE 20:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 31:d=2 hl=2 l= 0 prim: NULL 33:d=1 hl=3 l= 202 cons: SEQUENCE 36:d=2 hl=2 l= 11 cons: SET 38:d=3 hl=2 l= 9 cons: SEQUENCE 40:d=4 hl=2 l= 3 prim: OBJECT :countryName 45:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US 49:d=2 hl=2 l= 16 cons: SET 51:d=3 hl=2 l= 14 cons: SEQUENCE 53:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 58:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Arizona 67:d=2 hl=2 l= 19 cons: SET 69:d=3 hl=2 l= 17 cons: SEQUENCE 71:d=4 hl=2 l= 3 prim: OBJECT :localityName 76:d=4 hl=2 l= 10 prim: PRINTABLESTRING :Scottsdale 88:d=2 hl=2 l= 26 cons: SET 90:d=3 hl=2 l= 24 cons: SEQUENCE 92:d=4 hl=2 l= 3 prim: OBJECT :organizationName 97:d=4 hl=2 l= 17 prim: PRINTABLESTRING :GoDaddy.com, Inc. 116:d=2 hl=2 l= 51 cons: SET 118:d=3 hl=2 l= 49 cons: SEQUENCE 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName 125:d=4 hl=2 l= 42 prim: PRINTABLESTRING :http://certificates.godaddy.com/repository 169:d=2 hl=2 l= 48 cons: SET 171:d=3 hl=2 l= 46 cons: SEQUENCE 173:d=4 hl=2 l= 3 prim: OBJECT :commonName 178:d=4 hl=2 l= 39 prim: PRINTABLESTRING :Go Daddy Secure Certification Authority 219:d=2 hl=2 l= 17 cons: SET 221:d=3 hl=2 l= 15 cons: SEQUENCE 223:d=4 hl=2 l= 3 prim: OBJECT :serialNumber 228:d=4 hl=2 l= 8 prim: PRINTABLESTRING :07969287 238:d=1 hl=2 l= 30 cons: SEQUENCE 240:d=2 hl=2 l= 13 prim: UTCTIME :120419135324Z 255:d=2 hl=2 l= 13 prim: UTCTIME :130419135324Z 270:d=1 hl=2 l= 79 cons: SEQUENCE 272:d=2 hl=2 l= 20 cons: SET 274:d=3 hl=2 l= 18 cons: SEQUENCE 276:d=4 hl=2 l= 3 prim: OBJECT :organizationName 281:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 294:d=2 hl=2 l= 33 cons: SET 296:d=3 hl=2 l= 31 cons: SEQUENCE 298:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName 303:d=4 hl=2 l= 24 prim: PRINTABLESTRING :Domain Control Validated 329:d=2 hl=2 l= 20 cons: SET 331:d=3 hl=2 l= 18 cons: SEQUENCE 333:d=4 hl=2 l= 3 prim: OBJECT :commonName 338:d=4 hl=2 l= 11 prim: PRINTABLESTRING :kthulhu.net 351:d=1 hl=4 l= 290 cons: SEQUENCE 355:d=2 hl=2 l= 13 cons: SEQUENCE 357:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption 368:d=3 hl=2 l= 0 prim: NULL 370:d=2 hl=4 l= 271 prim: BIT STRING 645:d=1 hl=4 l= 442 cons: cont [ 3 ] 649:d=2 hl=4 l= 438 cons: SEQUENCE 653:d=3 hl=2 l= 15 cons: SEQUENCE 655:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 660:d=4 hl=2 l= 1 prim: BOOLEAN :255 663:d=4 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100 670:d=3 hl=2 l= 29 cons: SEQUENCE 672:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 677:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302 701:d=3 hl=2 l= 14 cons: SEQUENCE 703:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 708:d=4 hl=2 l= 1 prim: BOOLEAN :255 711:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0 717:d=3 hl=2 l= 51 cons: SEQUENCE 719:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 724:d=4 hl=2 l= 44 prim: OCTET STRING [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E676F64616464792E636F6D2F676473312D36382E63726C 770:d=3 hl=2 l= 83 cons: SEQUENCE 772:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies 777:d=4 hl=2 l= 76 prim: OCTET STRING [HEX DUMP]:304A3048060B6086480186FD6D010717013039303706082B06010505070201162B687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F 855:d=3 hl=3 l= 128 cons: SEQUENCE 858:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access 868:d=4 hl=2 l= 116 prim: OCTET STRING [HEX DUMP]:3072302406082B060105050730018618687474703A2F2F6F6373702E676F64616464792E636F6D2F304A06082B06010505073002863E687474703A2F2F6365727469666963617465732E676F64616464792E636F6D2F7265706F7369746F72792F67645F696E7465726D6564696174652E637274 986:d=3 hl=2 l= 31 cons: SEQUENCE 988:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 993:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014FDAC6132936C45D6E2EE855F9ABAE7769968CCE7 1019:d=3 hl=2 l= 39 cons: SEQUENCE 1021:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 1026:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:301E820B6B7468756C68752E6E6574820F7777772E6B7468756C68752E6E6574 1060:d=3 hl=2 l= 29 cons: SEQUENCE 1062:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 1067:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A31E1AB1A9E4F550BC3E05E174CF01D09E35E017 -----BEGIN TBS CERTIFICATE----- MIIEP6ADAgECAgcrY6QqcFB2MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEQMA4GA1U ECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIE luYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9ye TEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYD VQQFEwgwNzk2OTI4NzAeFw0xMjA0MTkxMzUzMjRaFw0xMzA0MTkxMzUzMjRaME8xFDASBgNVBAo TC2t0aHVsaHUubmV0MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBA MTC2t0aHVsaHUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzQkuEZv5xkNL J7RCgAYmH4vG87FFPFm5J+9ObenNAFqm8V5C4IzXm1+s7ro0sndLOyDH5INNAtKkuqp7kqubl1b bP3Z4+Ra3ENv7cpwQbQjoaajRKCGRULs/jFMCAASii/+3jkkufNimu7cBfDXOSQR2YQZL4zhDW7 ss/zwTVspYnxvU7oDcqOIwCmFwQ/FvYTAxF1uozKBsJfL854v0MKI7GEyyn6W8jZ7f8cSc8ahvr LAYt/etAxrmHcMUVJbW+gxXiwJsHfj03S1/RypHTb4gRqEz3pX6wl8sqtJP0L5mXuQgESoEAZ4S rPYLxXytqrU1yLi32xgWwHu1A7fIQIDAQABo4IBujCCAbYwDwYDVR0TAQH/BAUwAwEBADAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKA moCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS02OC5jcmwwUwYDVR0gBEwwSjBIBgtghk gBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL 3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9 yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmr rndplozOcwJwYDVR0RBCAwHoILa3RodWxodS5uZXSCD3d3dy5rdGh1bGh1Lm5ldDAdBgNVHQ4EF gQUox4asank9VC8PgXhdM8B0J414Bc= -----END TBS CERTIFICATE----- $ openssl asn1parse -i < [SIGNATURE ALGORITHM] 0:d=0 hl=2 l= 13 cons: SEQUENCE 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 13:d=1 hl=2 l= 0 prim: NULL -----BEGIN SIGNATURE ALGORITHM----- MA0GCSqGSIb3DQEBBQUA -----END SIGNATURE ALGORITHM----- -----BEGIN SIGNATURE----- t4Qb1DNILgQSXKrFQzXoRRrXfsLG4KhBzAxkjCCuWoYOK4KlHr6nvfMVW/Z93zBdMwrP9y2AOpm 8ykKPItl3W28nKwNC3PpNi0k9fotfa69InWG+g5fJs8jm39EUEB2ecI4/hkoTpOEhl7iHdYSchC WaDVI3bt8h8j3/iulGg7aeAdxAmWT8s9fUhbGE7AV+z5tbtLQOpA6TWjUMTpRBEEPqIChXqkie3 dP9w/N1hZiMbRyle46VnGXElQ42nIxWSLFU4I0IJICJJFKwL6rBTxU3FJ16IJOqrRsR+Ate8F6E Du07Gvo9zHGD9R2ZgsQYu6932SRLuZOU6bw1OCnpnw== -----END SIGNATURE-----