anshprat/gist:70024717bb40019ec0f3d58582d70599

## gistfile1.txt
With /etc/hosts pointing to 18.205.93.0 , 18.205.93.1 and 18.205.93.2 in that order

mouthwash :~/tmp\>echo | openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:7e:ec:9b:39:52:f1:7e:2f:67:16:55:7a:6f:52:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
        Validity
            Not Before: Apr 19 00:00:00 2018 GMT
            Not After : Apr 21 12:00:00 2020 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a4:d5:9a:3a:03:c4:9c:a1:70:6e:68:b8:ee:ea:
                    fe:e5:fe:98:af:21:3b:14:01:ed:6c:96:9d:a6:72:
                    de:7e:dd:38:03:12:3c:c9:35:ff:6a:63:9e:6c:67:
                    4f:e0:cc:6e:d6:0b:c4:06:f7:6d:15:09:30:94:b5:
                    b8:3b:78:db:29
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F

            X509v3 Subject Key Identifier:
                93:39:27:E1:BB:91:E0:E4:99:27:D3:14:EA:8B:9F:ED:A0:CE:D9:69
            X509v3 Subject Alternative Name:
                DNS:bitbucket.org, DNS:www.bitbucket.org
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ev-server-g2.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ev-server-g2.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.2.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.1

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Apr 19 05:15:56.053 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A9:5D:E5:3A:40:90:C2:69:75:27:3F:
                                A4:01:CD:88:CA:B1:58:F7:9F:6D:A4:D6:44:FE:F3:C5:
                                20:10:C8:7C:6D:02:20:0D:E4:CE:4D:E8:E3:F1:E7:E1:
                                7E:B9:E4:93:59:7E:B0:4B:34:BD:BC:6D:4A:59:66:73:
                                D2:FB:C0:2F:53:CF:E9
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : Apr 19 05:15:56.276 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:7B:20:E7:A4:7F:5B:68:4B:F8:54:D8:A2:
                                59:DD:2E:2E:A7:9D:75:4E:3E:7F:0D:BF:7E:E2:1D:59:
                                9B:4D:42:57:02:20:54:5C:02:7C:4E:4E:26:42:04:34:
                                EE:BD:1F:A3:6E:AF:1A:D8:74:42:1E:D5:5C:E0:E7:A3:
                                BE:14:70:A0:B0:89
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
                                38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
                    Timestamp : Apr 19 05:15:56.290 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6F:C6:7D:50:10:98:BC:D9:37:3C:EB:B0:
                                FC:12:65:5B:BD:C0:DF:98:2F:67:AA:BB:E7:6A:2E:C4:
                                74:C5:BC:09:02:20:43:36:30:8D:9F:78:03:3E:9C:93:
                                EF:EF:22:1A:11:2E:C9:52:79:5A:0E:05:40:72:58:9A:
                                40:1F:42:69:B4:F1
    Signature Algorithm: sha256WithRSAEncryption
         25:78:42:cf:71:e5:06:31:b0:b4:a5:fa:3d:47:65:6c:60:a4:
         4c:eb:d0:6a:ee:bc:9c:43:49:21:ec:94:92:a3:1f:7b:db:e3:
         09:0a:d2:7e:a8:85:e8:3b:c0:d2:dc:4d:94:74:ef:88:55:08:
         18:90:5a:a0:f0:63:01:9e:da:83:68:0f:08:8a:06:c9:04:5d:
         0c:3e:ca:2e:4f:90:54:38:61:3f:d5:0b:9f:f7:08:18:a8:12:
         e0:a5:89:69:43:a4:44:d6:ac:90:af:68:60:09:78:c9:74:66:
         b2:96:24:83:49:9e:06:5b:64:4e:e1:92:be:12:4f:3d:d6:d7:
         88:84:cb:04:e6:d5:f3:d6:87:10:95:0f:69:2d:45:d5:0b:fe:
         e0:a4:00:ff:a5:98:ae:ff:59:42:a4:e9:19:9c:91:a0:9c:b3:
         19:8f:23:99:44:ac:4e:e2:91:f7:90:b2:35:55:b3:da:9f:dd:
         d2:36:47:4b:69:9a:f8:25:1c:d3:27:c8:68:fd:5d:89:d1:80:
         98:50:c0:9e:02:c4:43:03:d2:75:ae:0c:a7:78:e8:be:49:cc:
         b1:c9:79:e6:ef:ca:31:52:e6:ae:d1:b8:92:4e:8f:a2:05:45:
         c7:d4:c6:bd:9b:f7:1a:60:09:e0:21:e8:2e:57:ac:cb:62:63:
         ec:5f:c9:f9
mouthwash :~/tmp\>echo | openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null | openssl x509 -inform pem -noout -textCertificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:7e:ec:9b:39:52:f1:7e:2f:67:16:55:7a:6f:52:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
        Validity
            Not Before: Apr 19 00:00:00 2018 GMT
            Not After : Apr 21 12:00:00 2020 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a4:d5:9a:3a:03:c4:9c:a1:70:6e:68:b8:ee:ea:
                    fe:e5:fe:98:af:21:3b:14:01:ed:6c:96:9d:a6:72:
                    de:7e:dd:38:03:12:3c:c9:35:ff:6a:63:9e:6c:67:
                    4f:e0:cc:6e:d6:0b:c4:06:f7:6d:15:09:30:94:b5:
                    b8:3b:78:db:29
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F

            X509v3 Subject Key Identifier:
                93:39:27:E1:BB:91:E0:E4:99:27:D3:14:EA:8B:9F:ED:A0:CE:D9:69
            X509v3 Subject Alternative Name:
                DNS:bitbucket.org, DNS:www.bitbucket.org
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ev-server-g2.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ev-server-g2.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.2.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.1

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Apr 19 05:15:56.053 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A9:5D:E5:3A:40:90:C2:69:75:27:3F:
                                A4:01:CD:88:CA:B1:58:F7:9F:6D:A4:D6:44:FE:F3:C5:
                                20:10:C8:7C:6D:02:20:0D:E4:CE:4D:E8:E3:F1:E7:E1:
                                7E:B9:E4:93:59:7E:B0:4B:34:BD:BC:6D:4A:59:66:73:
                                D2:FB:C0:2F:53:CF:E9
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : Apr 19 05:15:56.276 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:7B:20:E7:A4:7F:5B:68:4B:F8:54:D8:A2:
                                59:DD:2E:2E:A7:9D:75:4E:3E:7F:0D:BF:7E:E2:1D:59:
                                9B:4D:42:57:02:20:54:5C:02:7C:4E:4E:26:42:04:34:
                                EE:BD:1F:A3:6E:AF:1A:D8:74:42:1E:D5:5C:E0:E7:A3:
                                BE:14:70:A0:B0:89
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
                                38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
                    Timestamp : Apr 19 05:15:56.290 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6F:C6:7D:50:10:98:BC:D9:37:3C:EB:B0:
                                FC:12:65:5B:BD:C0:DF:98:2F:67:AA:BB:E7:6A:2E:C4:
                                74:C5:BC:09:02:20:43:36:30:8D:9F:78:03:3E:9C:93:
                                EF:EF:22:1A:11:2E:C9:52:79:5A:0E:05:40:72:58:9A:
                                40:1F:42:69:B4:F1
    Signature Algorithm: sha256WithRSAEncryption
         25:78:42:cf:71:e5:06:31:b0:b4:a5:fa:3d:47:65:6c:60:a4:
         4c:eb:d0:6a:ee:bc:9c:43:49:21:ec:94:92:a3:1f:7b:db:e3:
         09:0a:d2:7e:a8:85:e8:3b:c0:d2:dc:4d:94:74:ef:88:55:08:
         18:90:5a:a0:f0:63:01:9e:da:83:68:0f:08:8a:06:c9:04:5d:
         0c:3e:ca:2e:4f:90:54:38:61:3f:d5:0b:9f:f7:08:18:a8:12:
         e0:a5:89:69:43:a4:44:d6:ac:90:af:68:60:09:78:c9:74:66:
         b2:96:24:83:49:9e:06:5b:64:4e:e1:92:be:12:4f:3d:d6:d7:
         88:84:cb:04:e6:d5:f3:d6:87:10:95:0f:69:2d:45:d5:0b:fe:
         e0:a4:00:ff:a5:98:ae:ff:59:42:a4:e9:19:9c:91:a0:9c:b3:
         19:8f:23:99:44:ac:4e:e2:91:f7:90:b2:35:55:b3:da:9f:dd:
         d2:36:47:4b:69:9a:f8:25:1c:d3:27:c8:68:fd:5d:89:d1:80:
         98:50:c0:9e:02:c4:43:03:d2:75:ae:0c:a7:78:e8:be:49:cc:
         b1:c9:79:e6:ef:ca:31:52:e6:ae:d1:b8:92:4e:8f:a2:05:45:
         c7:d4:c6:bd:9b:f7:1a:60:09:e0:21:e8:2e:57:ac:cb:62:63:
         ec:5f:c9:f9
mouthwash :~/tmp\>echo | openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null | openssl x509 -inform pem -noout -textCertificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            97:fa:31:97:82:28:78:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=ID, ST=DKI Jakarta, L=Jakarta Barat, O=Maxindo Mitra Solusi, PT, OU=Research and Development, CN=blackhole.maxindo.net.id/emailAddress=widianto@maxindo.net.id
        Validity
            Not Before: Jul 27 03:41:50 2015 GMT
            Not After : Jul 26 03:41:50 2016 GMT
        Subject: C=ID, ST=DKI Jakarta, L=Jakarta Barat, O=Maxindo Mitra Solusi, PT, OU=Research and Development, CN=blackhole.maxindo.net.id/emailAddress=widianto@maxindo.net.id
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:83:f8:bb:a7:ff:aa:e8:90:0f:31:f3:68:98:
                    02:eb:8a:0d:e3:d4:fe:64:6f:82:03:e5:95:46:19:
                    25:87:37:fe:0e:f6:de:3a:27:ec:e4:13:2c:4f:80:
                    df:ba:0e:e5:d5:49:bb:cd:c6:e2:e9:38:f4:74:27:
                    7b:96:bd:f0:94:1d:1d:9c:7a:93:07:0f:e6:15:07:
                    e6:fc:d9:24:b1:2d:4e:53:23:f7:b4:25:0d:24:b3:
                    c5:54:4e:0e:90:06:29:98:3d:04:f8:92:7b:a5:59:
                    29:f1:d2:10:0e:73:6b:4e:88:dd:ce:bb:61:89:0b:
                    0a:04:ee:8c:71:9b:73:f7:5b:35:c9:1a:0c:ce:be:
                    43:39:29:52:6e:6e:80:45:4b:c1:77:7a:cd:30:c7:
                    ac:74:a2:c7:18:c7:fe:77:c0:eb:13:ef:8f:26:f2:
                    88:98:1d:22:e5:fd:a8:41:f1:ea:9e:44:81:2d:13:
                    fc:8c:5f:24:77:0d:eb:63:d2:29:3a:af:14:0c:05:
                    a3:33:f7:50:98:59:ba:02:b8:8b:c2:a8:92:23:d8:
                    c2:fd:2f:4c:a4:53:e4:8a:c8:53:e9:f9:d2:db:a4:
                    7a:f0:d3:b7:5e:ff:99:4d:1d:a8:64:10:88:cb:fe:
                    5a:df:5d:4e:db:bc:4b:db:4b:a3:59:c2:f9:aa:24:
                    18:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:49:B3:46:C7:64:B3:FE:67:98:A1:01:37:86:A9:C4:03:CC:CF:90
            X509v3 Authority Key Identifier:
                keyid:3E:49:B3:46:C7:64:B3:FE:67:98:A1:01:37:86:A9:C4:03:CC:CF:90

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         7e:f0:bd:20:05:53:9b:4d:9a:d0:2c:c8:b5:e9:21:50:06:b9:
         a6:bf:85:d0:8f:88:d9:10:1b:af:4a:eb:30:24:fc:22:8f:bc:
         2b:68:68:4a:10:c5:d8:32:a8:f2:6b:be:3d:d6:15:df:12:85:
         d8:cd:46:45:6c:6e:64:8b:63:e3:e7:23:bb:6a:75:74:56:5a:
         18:8d:c4:48:11:40:c9:6a:a6:99:40:de:8d:2a:93:4f:9e:14:
         d4:a9:cc:16:0e:8b:5a:7e:9a:55:2d:e5:ce:27:1e:f3:c9:fd:
         d1:f9:dd:92:f5:4f:34:b6:25:1b:9f:c6:5f:74:1a:9d:41:4b:
         98:7b:d1:a4:58:a7:a7:24:59:99:8c:cd:70:bb:bf:53:0d:02:
         cc:fa:79:f3:25:03:6c:13:c1:af:fa:5f:e4:45:a0:14:53:57:
         02:8a:e1:6a:c8:e8:44:cf:49:fe:a4:75:6b:28:dd:6d:a6:9e:
         48:e5:bd:13:23:24:9e:e9:35:9c:9e:7d:88:01:0f:d2:c1:27:
         a9:d7:01:8e:6c:93:1b:13:7b:f4:75:57:6d:5a:34:c1:c7:c9:
         8b:72:52:0a:cc:10:9b:95:5b:b3:12:5a:ec:45:88:2d:19:7c:
         ce:9f:68:7a:7e:f5:9c:c6:56:e7:6b:de:40:10:ae:af:04:53:
         43:1d:c7:d1
	With /etc/hosts pointing to 18.205.93.0 , 18.205.93.1 and 18.205.93.2 in that order

	mouthwash :~/tmp\>echo \| openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null \| openssl x509 -inform pem -noout -text
	Certificate:
	Data:
	Version: 3 (0x2)
	Serial Number:
	0a:7e:ec:9b:39:52:f1:7e:2f:67:16:55:7a:6f:52:7d
	Signature Algorithm: sha256WithRSAEncryption
	Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
	Validity
	Not Before: Apr 19 00:00:00 2018 GMT
	Not After : Apr 21 12:00:00 2020 GMT
	Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org
	Subject Public Key Info:
	Public Key Algorithm: id-ecPublicKey
	Public-Key: (256 bit)
	pub:
	04:a4:d5:9a:3a:03:c4:9c:a1:70:6e:68:b8:ee:ea:
	fe:e5:fe:98:af:21:3b:14:01:ed:6c:96:9d:a6:72:
	de:7e:dd:38:03:12:3c:c9:35:ff:6a:63:9e:6c:67:
	4f:e0:cc:6e:d6:0b:c4:06:f7:6d:15:09:30:94:b5:
	b8:3b:78:db:29
	ASN1 OID: prime256v1
	NIST CURVE: P-256
	X509v3 extensions:
	X509v3 Authority Key Identifier:
	keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F

	X509v3 Subject Key Identifier:
	93:39:27:E1:BB:91:E0:E4:99:27:D3:14:EA:8B:9F:ED:A0:CE:D9:69
	X509v3 Subject Alternative Name:
	DNS:bitbucket.org, DNS:www.bitbucket.org
	X509v3 Key Usage: critical
	Digital Signature
	X509v3 Extended Key Usage:
	TLS Web Server Authentication, TLS Web Client Authentication
	X509v3 CRL Distribution Points:

	Full Name:
	URI:http://crl3.digicert.com/sha2-ev-server-g2.crl

	Full Name:
	URI:http://crl4.digicert.com/sha2-ev-server-g2.crl

	X509v3 Certificate Policies:
	Policy: 2.16.840.1.114412.2.1
	CPS: https://www.digicert.com/CPS
	Policy: 2.23.140.1.1

	Authority Information Access:
	OCSP - URI:http://ocsp.digicert.com
	CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

	X509v3 Basic Constraints: critical
	CA:FALSE
	CT Precertificate SCTs:
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
	3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
	Timestamp : Apr 19 05:15:56.053 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:45:02:21:00:A9:5D:E5:3A:40:90:C2:69:75:27:3F:
	A4:01:CD:88:CA:B1:58:F7:9F:6D:A4:D6:44:FE:F3:C5:
	20:10:C8:7C:6D:02:20:0D:E4:CE:4D:E8:E3:F1:E7:E1:
	7E:B9:E4:93:59:7E:B0:4B:34:BD:BC:6D:4A:59:66:73:
	D2:FB:C0:2F:53:CF:E9
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
	46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
	Timestamp : Apr 19 05:15:56.276 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:44:02:20:7B:20:E7:A4:7F:5B:68:4B:F8:54:D8:A2:
	59:DD:2E:2E:A7:9D:75:4E:3E:7F:0D:BF:7E:E2:1D:59:
	9B:4D:42:57:02:20:54:5C:02:7C:4E:4E:26:42:04:34:
	EE:BD:1F:A3:6E:AF:1A:D8:74:42:1E:D5:5C:E0:E7:A3:
	BE:14:70:A0:B0:89
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
	38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
	Timestamp : Apr 19 05:15:56.290 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:44:02:20:6F:C6:7D:50:10:98:BC:D9:37:3C:EB:B0:
	FC:12:65:5B:BD:C0:DF:98:2F:67:AA:BB:E7:6A:2E:C4:
	74:C5:BC:09:02:20:43:36:30:8D:9F:78:03:3E:9C:93:
	EF:EF:22:1A:11:2E:C9:52:79:5A:0E:05:40:72:58:9A:
	40:1F:42:69:B4:F1
	Signature Algorithm: sha256WithRSAEncryption
	25:78:42:cf:71:e5:06:31:b0:b4:a5:fa:3d:47:65:6c:60:a4:
	4c:eb:d0:6a:ee:bc:9c:43:49:21:ec:94:92:a3:1f:7b:db:e3:
	09:0a:d2:7e:a8:85:e8:3b:c0:d2:dc:4d:94:74:ef:88:55:08:
	18:90:5a:a0:f0:63:01:9e:da:83:68:0f:08:8a:06:c9:04:5d:
	0c:3e:ca:2e:4f:90:54:38:61:3f:d5:0b:9f:f7:08:18:a8:12:
	e0:a5:89:69:43:a4:44:d6:ac:90:af:68:60:09:78:c9:74:66:
	b2:96:24:83:49:9e:06:5b:64:4e:e1:92:be:12:4f:3d:d6:d7:
	88:84:cb:04:e6:d5:f3:d6:87:10:95:0f:69:2d:45:d5:0b:fe:
	e0:a4:00:ff:a5:98:ae:ff:59:42:a4:e9:19:9c:91:a0:9c:b3:
	19:8f:23:99:44:ac:4e:e2:91:f7:90:b2:35:55:b3:da:9f:dd:
	d2:36:47:4b:69:9a:f8:25:1c:d3:27:c8:68:fd:5d:89:d1:80:
	98:50:c0:9e:02:c4:43:03:d2:75:ae:0c:a7:78:e8:be:49:cc:
	b1:c9:79:e6:ef:ca:31:52:e6:ae:d1:b8:92:4e:8f:a2:05:45:
	c7:d4:c6:bd:9b:f7:1a:60:09:e0:21:e8:2e:57:ac:cb:62:63:
	ec:5f:c9:f9
	mouthwash :~/tmp\>echo \| openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null \| openssl x509 -inform pem -noout -textCertificate:
	Data:
	Version: 3 (0x2)
	Serial Number:
	0a:7e:ec:9b:39:52:f1:7e:2f:67:16:55:7a:6f:52:7d
	Signature Algorithm: sha256WithRSAEncryption
	Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
	Validity
	Not Before: Apr 19 00:00:00 2018 GMT
	Not After : Apr 21 12:00:00 2020 GMT
	Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org
	Subject Public Key Info:
	Public Key Algorithm: id-ecPublicKey
	Public-Key: (256 bit)
	pub:
	04:a4:d5:9a:3a:03:c4:9c:a1:70:6e:68:b8:ee:ea:
	fe:e5:fe:98:af:21:3b:14:01:ed:6c:96:9d:a6:72:
	de:7e:dd:38:03:12:3c:c9:35:ff:6a:63:9e:6c:67:
	4f:e0:cc:6e:d6:0b:c4:06:f7:6d:15:09:30:94:b5:
	b8:3b:78:db:29
	ASN1 OID: prime256v1
	NIST CURVE: P-256
	X509v3 extensions:
	X509v3 Authority Key Identifier:
	keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F

	X509v3 Subject Key Identifier:
	93:39:27:E1:BB:91:E0:E4:99:27:D3:14:EA:8B:9F:ED:A0:CE:D9:69
	X509v3 Subject Alternative Name:
	DNS:bitbucket.org, DNS:www.bitbucket.org
	X509v3 Key Usage: critical
	Digital Signature
	X509v3 Extended Key Usage:
	TLS Web Server Authentication, TLS Web Client Authentication
	X509v3 CRL Distribution Points:

	Full Name:
	URI:http://crl3.digicert.com/sha2-ev-server-g2.crl

	Full Name:
	URI:http://crl4.digicert.com/sha2-ev-server-g2.crl

	X509v3 Certificate Policies:
	Policy: 2.16.840.1.114412.2.1
	CPS: https://www.digicert.com/CPS
	Policy: 2.23.140.1.1

	Authority Information Access:
	OCSP - URI:http://ocsp.digicert.com
	CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

	X509v3 Basic Constraints: critical
	CA:FALSE
	CT Precertificate SCTs:
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
	3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
	Timestamp : Apr 19 05:15:56.053 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:45:02:21:00:A9:5D:E5:3A:40:90:C2:69:75:27:3F:
	A4:01:CD:88:CA:B1:58:F7:9F:6D:A4:D6:44:FE:F3:C5:
	20:10:C8:7C:6D:02:20:0D:E4:CE:4D:E8:E3:F1:E7:E1:
	7E:B9:E4:93:59:7E:B0:4B:34:BD:BC:6D:4A:59:66:73:
	D2:FB:C0:2F:53:CF:E9
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
	46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
	Timestamp : Apr 19 05:15:56.276 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:44:02:20:7B:20:E7:A4:7F:5B:68:4B:F8:54:D8:A2:
	59:DD:2E:2E:A7:9D:75:4E:3E:7F:0D:BF:7E:E2:1D:59:
	9B:4D:42:57:02:20:54:5C:02:7C:4E:4E:26:42:04:34:
	EE:BD:1F:A3:6E:AF:1A:D8:74:42:1E:D5:5C:E0:E7:A3:
	BE:14:70:A0:B0:89
	Signed Certificate Timestamp:
	Version : v1(0)
	Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
	38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
	Timestamp : Apr 19 05:15:56.290 2018 GMT
	Extensions: none
	Signature : ecdsa-with-SHA256
	30:44:02:20:6F:C6:7D:50:10:98:BC:D9:37:3C:EB:B0:
	FC:12:65:5B:BD:C0:DF:98:2F:67:AA:BB:E7:6A:2E:C4:
	74:C5:BC:09:02:20:43:36:30:8D:9F:78:03:3E:9C:93:
	EF:EF:22:1A:11:2E:C9:52:79:5A:0E:05:40:72:58:9A:
	40:1F:42:69:B4:F1
	Signature Algorithm: sha256WithRSAEncryption
	25:78:42:cf:71:e5:06:31:b0:b4:a5:fa:3d:47:65:6c:60:a4:
	4c:eb:d0:6a:ee:bc:9c:43:49:21:ec:94:92:a3:1f:7b:db:e3:
	09:0a:d2:7e:a8:85:e8:3b:c0:d2:dc:4d:94:74:ef:88:55:08:
	18:90:5a:a0:f0:63:01:9e:da:83:68:0f:08:8a:06:c9:04:5d:
	0c:3e:ca:2e:4f:90:54:38:61:3f:d5:0b:9f:f7:08:18:a8:12:
	e0:a5:89:69:43:a4:44:d6:ac:90:af:68:60:09:78:c9:74:66:
	b2:96:24:83:49:9e:06:5b:64:4e:e1:92:be:12:4f:3d:d6:d7:
	88:84:cb:04:e6:d5:f3:d6:87:10:95:0f:69:2d:45:d5:0b:fe:
	e0:a4:00:ff:a5:98:ae:ff:59:42:a4:e9:19:9c:91:a0:9c:b3:
	19:8f:23:99:44:ac:4e:e2:91:f7:90:b2:35:55:b3:da:9f:dd:
	d2:36:47:4b:69:9a:f8:25:1c:d3:27:c8:68:fd:5d:89:d1:80:
	98:50:c0:9e:02:c4:43:03:d2:75:ae:0c:a7:78:e8:be:49:cc:
	b1:c9:79:e6:ef:ca:31:52:e6:ae:d1:b8:92:4e:8f:a2:05:45:
	c7:d4:c6:bd:9b:f7:1a:60:09:e0:21:e8:2e:57:ac:cb:62:63:
	ec:5f:c9:f9
	mouthwash :~/tmp\>echo \| openssl s_client -showcerts -servername gnupg.org -connect bitbucket.org:443 2>/dev/null \| openssl x509 -inform pem -noout -textCertificate:
	Data:
	Version: 3 (0x2)
	Serial Number:
	97:fa:31:97:82:28:78:ed
	Signature Algorithm: sha256WithRSAEncryption
	Issuer: C=ID, ST=DKI Jakarta, L=Jakarta Barat, O=Maxindo Mitra Solusi, PT, OU=Research and Development, CN=blackhole.maxindo.net.id/emailAddress=widianto@maxindo.net.id
	Validity
	Not Before: Jul 27 03:41:50 2015 GMT
	Not After : Jul 26 03:41:50 2016 GMT
	Subject: C=ID, ST=DKI Jakarta, L=Jakarta Barat, O=Maxindo Mitra Solusi, PT, OU=Research and Development, CN=blackhole.maxindo.net.id/emailAddress=widianto@maxindo.net.id
	Subject Public Key Info:
	Public Key Algorithm: rsaEncryption
	Public-Key: (2048 bit)
	Modulus:
	00:a2:83:f8:bb:a7:ff:aa:e8:90:0f:31:f3:68:98:
	02:eb:8a:0d:e3:d4:fe:64:6f:82:03:e5:95:46:19:
	25:87:37:fe:0e:f6:de:3a:27:ec:e4:13:2c:4f:80:
	df:ba:0e:e5:d5:49:bb:cd:c6:e2:e9:38:f4:74:27:
	7b:96:bd:f0:94:1d:1d:9c:7a:93:07:0f:e6:15:07:
	e6:fc:d9:24:b1:2d:4e:53:23:f7:b4:25:0d:24:b3:
	c5:54:4e:0e:90:06:29:98:3d:04:f8:92:7b:a5:59:
	29:f1:d2:10:0e:73:6b:4e:88:dd:ce:bb:61:89:0b:
	0a:04:ee:8c:71:9b:73:f7:5b:35:c9:1a:0c:ce:be:
	43:39:29:52:6e:6e:80:45:4b:c1:77:7a:cd:30:c7:
	ac:74:a2:c7:18:c7:fe:77:c0:eb:13:ef:8f:26:f2:
	88:98:1d:22:e5:fd:a8:41:f1:ea:9e:44:81:2d:13:
	fc:8c:5f:24:77:0d:eb:63:d2:29:3a:af:14:0c:05:
	a3:33:f7:50:98:59:ba:02:b8:8b:c2:a8:92:23:d8:
	c2:fd:2f:4c:a4:53:e4:8a:c8:53:e9:f9:d2:db:a4:
	7a:f0:d3:b7:5e:ff:99:4d:1d:a8:64:10:88:cb:fe:
	5a:df:5d:4e:db:bc:4b:db:4b:a3:59:c2:f9:aa:24:
	18:65
	Exponent: 65537 (0x10001)
	X509v3 extensions:
	X509v3 Subject Key Identifier:
	3E:49:B3:46:C7:64:B3:FE:67:98:A1:01:37:86:A9:C4:03:CC:CF:90
	X509v3 Authority Key Identifier:
	keyid:3E:49:B3:46:C7:64:B3:FE:67:98:A1:01:37:86:A9:C4:03:CC:CF:90

	X509v3 Basic Constraints:
	CA:TRUE
	Signature Algorithm: sha256WithRSAEncryption
	7e:f0:bd:20:05:53:9b:4d:9a:d0:2c:c8:b5:e9:21:50:06:b9:
	a6:bf:85:d0:8f:88:d9:10:1b:af:4a:eb:30:24:fc:22:8f:bc:
	2b:68:68:4a:10:c5:d8:32:a8:f2:6b:be:3d:d6:15:df:12:85:
	d8:cd:46:45:6c:6e:64:8b:63:e3:e7:23:bb:6a:75:74:56:5a:
	18:8d:c4:48:11:40:c9:6a:a6:99:40:de:8d:2a:93:4f:9e:14:
	d4:a9:cc:16:0e:8b:5a:7e:9a:55:2d:e5:ce:27:1e:f3:c9:fd:
	d1:f9:dd:92:f5:4f:34:b6:25:1b:9f:c6:5f:74:1a:9d:41:4b:
	98:7b:d1:a4:58:a7:a7:24:59:99:8c:cd:70:bb:bf:53:0d:02:
	cc:fa:79:f3:25:03:6c:13:c1:af:fa:5f:e4:45:a0:14:53:57:
	02:8a:e1:6a:c8:e8:44:cf:49:fe:a4:75:6b:28:dd:6d:a6:9e:
	48:e5:bd:13:23:24:9e:e9:35:9c:9e:7d:88:01:0f:d2:c1:27:
	a9:d7:01:8e:6c:93:1b:13:7b:f4:75:57:6d:5a:34:c1:c7:c9:
	8b:72:52:0a:cc:10:9b:95:5b:b3:12:5a:ec:45:88:2d:19:7c:
	ce:9f:68:7a:7e:f5:9c:c6:56:e7:6b:de:40:10:ae:af:04:53:
	43:1d:c7:d1