R3-ServerCA3A.cer: CN=Amazon,OU=Server CA 3A,O=Amazon,C=US (Intermediate Certificate, Expiring 2025-10-19) detail info and audit record

CA Certificate Information and Audit Record

This certificate is intermediate certificate used for the issuance of other certificates.

• Certificate Download URL: https://www.amazontrust.com/repository/R3-ServerCA3A.cer (in DER format )
• Serial Number : 144918209399737869880565973835271254086675594
• SHA-1 Fingerprint : 4654d16bfb1f5516010bb1e3a25445fd06d79f6d
• SHA-1 Fingerprint : 46:54:d1:6b:fb:1f:55:16:01:0b:b1:e3:a2:54:45:fd:06:d7:9f:6d
• SHA-256 Fingerprint : 205154b777edc55a5146585a5e54e054a70be4aad3b85d02318da27bf807adf1
• SHA-256 Fingerprint : 20:51:54:b7:77:ed:c5:5a:51:46:58:5a:5e:54:e0:54:a7:0b:e4:aa:d3:b8:5d:02:31:8d:a2:7b:f8:07:ad:f1
• Signature Hash Algorithm : sha256
• Subject : CN=Amazon,OU=Server CA 3A,O=Amazon,C=US
  • Country Name: US (United States of America)
  • Organization: Amazon
  • Organization Unit: Server CA 3A
  • Common Name: Amazon
• Not Valid Before: 2015-10-22 00:00:00
• Not Valid After: 2025-10-19 00:00:00
• Issuer (Parent Certificate):
  • Issuer Name: CN=Amazon Root CA 3,O=Amazon,C=US
  • Issuer Certificate URL: NA
• Audit Record:
  • Revocation Status: Not Revoked
  • Certificate Policy (CP) URL: Unknown
  • Certificate Practice Statement (CPS) URL: Unknown
  • Auditor: BDO International Limited
  • Standard Audit URL: https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=2c238883-a342-4762-8e2a-f506ad5660f8
  • Standard Audit Period Start Date: 2021.01.16
  • Standard Audit Period End Date: 2022.01.15
  • Standard Audit Statement Date: 2022.04.08
  • Standard Audit Type: WebTrust
  • Full CRL Issued By This CA: Unknown
  • Check its issuer’s audit information: CN=Amazon Root CA 3,O=Amazon,C=US .

Download certificate through curl:

curl -sSL "https://www.amazontrust.com/repository/R3-ServerCA3A.cer" --output cert.crt

Download certificate through wget:

wget -q "https://www.amazontrust.com/repository/R3-ServerCA3A.cer" --output-document=cert.crt

CA Certificate Detail Information

Use openssl x509 to decode DER certificate to get detail information:

openssl x509 -in cert.crt -inform der -text -noout

Use openssl x509 to decode PEM certificate to get detail information:

openssl x509 -in cert.crt -inform pem -text -noout

Decoded detail certificate information:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:7f:94:57:58:fe:55:b9:ee:3f:75:83:1d:47:f0:7d:22:6c:8a
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Amazon, CN=Amazon Root CA 3
        Validity
            Not Before: Oct 22 00:00:00 2015 GMT
            Not After : Oct 19 00:00:00 2025 GMT
        Subject: C=US, O=Amazon, OU=Server CA 3A, CN=Amazon
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:d8:71:8b:0a:99:87:51:d0:68:fc:5f:3e:39:13:
                    f9:5f:71:34:e7:5e:18:36:12:d0:08:60:12:07:c9:
                    7b:ff:65:0c:b2:c8:26:ac:d5:aa:6d:5f:f2:39:4f:
                    57:28:4f:a5:ca:d7:cd:60:9c:1f:21:00:3b:8a:7d:
                    69:4d:a0:86:11
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                04:DC:E0:95:E5:E8:B9:6B:94:A1:EF:8C:5B:31:1E:13:7E:55:97:DA
            X509v3 Authority Key Identifier: 
                keyid:AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0

            Authority Information Access: 
                OCSP - URI:http://ocsp.rootca3.amazontrust.com
                CA Issuers - URI:http://crt.rootca3.amazontrust.com/rootca3.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.rootca3.amazontrust.com/rootca3.crl

            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy

    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:3a:5f:ef:bb:1d:2a:7f:13:66:d3:95:b7:7a:87:
         da:f6:52:b0:cf:aa:0a:bd:db:ba:83:a4:9c:d1:49:70:81:17:
         02:21:00:92:59:24:3a:17:a2:47:2e:87:8e:58:bc:85:14:5e:
         b9:f1:e3:4a:10:a6:e4:10:63:07:cf:7e:20:2d:7f:cd:de

CA Certificate in PEM Format

Use openssl x509 to convert certificate from DER format to PEM format:

openssl x509 -in cert.crt -inform der

Converted PEM format certificate:

-----BEGIN CERTIFICATE-----
MIICuzCCAmGgAwIBAgITBn+UV1j+VbnuP3WDHUfwfSJsijAKBggqhkjOPQQDAjA5
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
Um9vdCBDQSAzMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkG
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDNB
MQ8wDQYDVQQDEwZBbWF6b24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATYcYsK
mYdR0Gj8Xz45E/lfcTTnXhg2EtAIYBIHyXv/ZQyyyCas1aptX/I5T1coT6XK181g
nB8hADuKfWlNoIYRo4IBOTCCATUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B
Af8EBAMCAYYwHQYDVR0OBBYEFATc4JXl6LlrlKHvjFsxHhN+VZfaMB8GA1UdIwQY
MBaAFKu229cGnjesMIYHkXDHnMQZsXjAMHsGCCsGAQUFBwEBBG8wbTAvBggrBgEF
BQcwAYYjaHR0cDovL29jc3Aucm9vdGNhMy5hbWF6b250cnVzdC5jb20wOgYIKwYB
BQUHMAKGLmh0dHA6Ly9jcnQucm9vdGNhMy5hbWF6b250cnVzdC5jb20vcm9vdGNh
My5jZXIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5yb290Y2EzLmFtYXpv
bnRydXN0LmNvbS9yb290Y2EzLmNybDARBgNVHSAECjAIMAYGBFUdIAAwCgYIKoZI
zj0EAwIDSAAwRQIgOl/vux0qfxNm05W3eofa9lKwz6oKvdu6g6Sc0UlwgRcCIQCS
WSQ6F6JHLoeOWLyFFF658eNKEKbkEGMHz34gLX/N3g==
-----END CERTIFICATE-----

Decode PEM Certificate online

Download PEM Certificate

Also see Top 1 Millions Domains CA Certificate List

Related Certificates

• Amazon-ECDSA-256-M01.cer: CN=Amazon ECDSA 256 M01,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-256-M02.cer: CN=Amazon ECDSA 256 M02,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-256-M03.cer: CN=Amazon ECDSA 256 M03,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-256-M04.cer: CN=Amazon ECDSA 256 M04,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-384-M01.cer: CN=Amazon ECDSA 384 M01,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-384-M02.cer: CN=Amazon ECDSA 384 M02,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-384-M03.cer: CN=Amazon ECDSA 384 M03,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-ECDSA-384-M04.cer: CN=Amazon ECDSA 384 M04,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-2048-M01.cer: CN=Amazon RSA 2048 M01,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-2048-M02.cer: CN=Amazon RSA 2048 M02,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-2048-M03.cer: CN=Amazon RSA 2048 M03,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-2048-M04.cer: CN=Amazon RSA 2048 M04,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-4096-M01.cer: CN=Amazon RSA 4096 M01,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-4096-M02.cer: CN=Amazon RSA 4096 M02,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-4096-M03.cer: CN=Amazon RSA 4096 M03,O=Amazon,C=US (Expiring: 2030-08-23)
• Amazon-RSA-4096-M04.cer: CN=Amazon RSA 4096 M04,O=Amazon,C=US (Expiring: 2030-08-23)
• rootca1.cer: CN=Amazon Root CA 1,O=Amazon,C=US (Expiring: 2037-12-31)
• AmazonRootCA1.cer: CN=Amazon Root CA 1,O=Amazon,C=US (Expiring: 2038-01-17)
• G2-RootCA1.cer: CN=Amazon Root CA 1,O=Amazon,C=US (Expiring: 2037-12-31)
• G2-RootCA1.orig.cer: CN=Amazon Root CA 1,O=Amazon,C=US (Expiring: 2037-12-31)
• AmazonRootCA2.cer: CN=Amazon Root CA 2,O=Amazon,C=US (Expiring: 2040-05-26)
• G2-RootCA2.cer: CN=Amazon Root CA 2,O=Amazon,C=US (Expiring: 2037-12-31)
• G2-RootCA2.orig.cer: CN=Amazon Root CA 2,O=Amazon,C=US (Expiring: 2037-12-31)
• AmazonRootCA3.cer: CN=Amazon Root CA 3,O=Amazon,C=US (Expiring: 2040-05-26)
• G2-RootCA3.cer: CN=Amazon Root CA 3,O=Amazon,C=US (Expiring: 2037-12-31)
• G2-RootCA3.orig.cer: CN=Amazon Root CA 3,O=Amazon,C=US (Expiring: 2037-12-31)
• AmazonRootCA4.cer: CN=Amazon Root CA 4,O=Amazon,C=US (Expiring: 2040-05-26)
• G2-RootCA4.cer: CN=Amazon Root CA 4,O=Amazon,C=US (Expiring: 2037-12-31)
• G2-RootCA4.orig.cer: CN=Amazon Root CA 4,O=Amazon,C=US (Expiring: 2037-12-31)
• G2-ServerCA0A.cer: CN=Amazon,OU=Server CA 0A,O=Amazon,C=US (Expiring: 2025-10-19)
• G2-ServerCA0A.orig.cer: CN=Amazon,OU=Server CA 0A,O=Amazon,C=US (Expiring: 2040-10-21)
• R1-ServerCA1A.cer: CN=Amazon,OU=Server CA 1A,O=Amazon,C=US (Expiring: 2025-10-19)
• R1-ServerCA1A.orig.cer: CN=Amazon,OU=Server CA 1A,O=Amazon,C=US (Expiring: 2040-10-21)
• sca1b.crt: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US (Expiring: 2025-10-19)
• R1-ServerCA1B.cer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US (Expiring: 2025-10-19)
• R1-ServerCA1B.orig.cer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US (Expiring: 2040-10-21)
• R2-ServerCA2A.cer: CN=Amazon,OU=Server CA 2A,O=Amazon,C=US (Expiring: 2025-10-19)
• R2-ServerCA2A.orig.cer: CN=Amazon,OU=Server CA 2A,O=Amazon,C=US (Expiring: 2040-10-21)
• R3-ServerCA3A.orig.cer: CN=Amazon,OU=Server CA 3A,O=Amazon,C=US (Expiring: 2040-10-21)
• R3-ServerCA3B.cer: CN=Amazon,OU=Server CA 3B,O=Amazon,C=US (Expiring: 2028-07-16)
• R4-ServerCA4A.cer: CN=Amazon,OU=Server CA 4A,O=Amazon,C=US (Expiring: 2025-10-19)
• R4-ServerCA4A.orig.cer: CN=Amazon,OU=Server CA 4A,O=Amazon,C=US (Expiring: 2040-10-21)
• rootg2.cer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US (Expiring: 2034-06-28)
• SFC2CA-SFSRootCAG2.cer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US (Expiring: 2034-06-28)
• SFC2CA-SFSRootCAG2.v2.cer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US (Expiring: 2034-06-28)
• SFSRootCA-SFSRootCAG2.cer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US (Expiring: 2031-05-30)
• SFSRootCAG2.cer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US (Expiring: 2037-12-31)