openssl s_client -connect foo.badssl.com:443 -servername foo.badssl.com
openssl s_client -connect foo.badssl.com:443 -servername foo.badssl.com | tee /tmp/logcertfile
openssl x509 -in /tmp/logcertfile -noout -text | grep -i "issuer"
curl --output sectigo.crt http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt