root_ca_3_x_gsca_r3_pem.crt: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK (Intermediate Certificate, Expiring 2029-03-18) detail info and audit record

Last Updated: 2023-05-06

Page content

CA Certificate Information and Audit Record

This certificate is intermediate certificate used for the issuance of other certificates.

Certificate Download URL: http://www1.ecert.gov.hk/root/root_ca_3_x_gsca_r3_pem.crt (in PEM format )
Serial Number : 166856970850318038846439446746737388311
SHA-1 Fingerprint : af0f1f7afbd02e3dde39bd0b646cf97b7d122408
SHA-1 Fingerprint : af:0f:1f:7a:fb:d0:2e:3d:de:39:bd:0b:64:6c:f9:7b:7d:12:24:08
SHA-256 Fingerprint : 00482341b104a0de6e0f1d508db84cb514f7494fe04982133a5c750136c55dc8
SHA-256 Fingerprint : 00:48:23:41:b1:04:a0:de:6e:0f:1d:50:8d:b8:4c:b5:14:f7:49:4f:e0:49:82:13:3a:5c:75:01:36:c5:5d:c8
Signature Hash Algorithm : sha256
Subject : CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
- Country Name: HK (Hong Kong)
- State or Province Name: Hong Kong
- Locality: Hong Kong
- Organization: Hongkong Post
- Common Name: Hongkong Post Root CA 3
Not Valid Before: 2022-11-16 03:35:08
Not Valid After: 2029-03-18 00:00:00
Issuer (Parent Certificate):
- Issuer Name: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
- Issuer Certificate URL: NA
Audit Record:
- Revocation Status: Not Revoked
- Certificate Policy (CP) URL: https://www.ecert.gov.hk/product/cps/ecert/img/server_cps_en15.pdf
- Certificate Practice Statement (CPS) URL: https://www.ecert.gov.hk/product/cps/ecert/img/server_cps_en15.pdf
- Auditor: PwC - PricewaterhouseCoopers International Limited
- Standard Audit URL: https://www.ecert.gov.hk/product/cps/ecert/img/WebTrust_CA_Report_2022.pdf
- Standard Audit Period Start Date: 2022.01.01
- Standard Audit Period End Date: 2022.12.31
- Standard Audit Statement Date: 2023.02.27
- Standard Audit Type: WebTrust
- Full CRL Issued By This CA: http://crl1.ecert.gov.hk/crl/RootCA3ARL.crl
- Check its issuer’s audit information: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 .

Download certificate through curl:

curl -sSL "http://www1.ecert.gov.hk/root/root_ca_3_x_gsca_r3_pem.crt" --output cert.crt

Download certificate through wget:

wget -q "http://www1.ecert.gov.hk/root/root_ca_3_x_gsca_r3_pem.crt" --output-document=cert.crt

CA Certificate Detail Information

Use openssl x509 to decode DER certificate to get detail information:

openssl x509 -in cert.crt -inform der -text -noout

Use openssl x509 to decode PEM certificate to get detail information:

openssl x509 -in cert.crt -inform pem -text -noout

Decoded detail certificate information:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:87:7b:d1:14:24:c2:26:0c:70:2c:5d:eb:33:ab:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
        Validity
            Not Before: Nov 16 03:35:08 2022 GMT
            Not After : Mar 18 00:00:00 2029 GMT
        Subject: C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:b3:88:d7:ea:ce:0f:20:4e:be:e6:d6:03:6d:ee:
                    59:fc:c2:57:df:29:68:a1:83:0e:3e:68:c7:68:58:
                    9c:1c:60:4b:89:43:0c:b9:d4:15:b2:ee:c1:4e:75:
                    e9:b5:a7:ef:e5:e9:35:99:e4:cc:1c:e7:4b:5f:8d:
                    33:30:20:33:53:d9:a6:bb:d5:3e:13:8e:e9:1f:87:
                    49:ad:50:2d:50:ca:18:be:01:58:a2:13:70:96:bb:
                    89:88:56:80:5c:f8:bd:2c:3c:e1:4c:57:88:bb:d3:
                    b9:95:ef:cb:c7:f6:da:31:74:28:a6:e6:54:89:f5:
                    41:31:ca:e5:26:1a:cd:82:e0:70:da:3b:29:bb:d5:
                    03:f5:99:ba:55:f5:64:d1:60:0e:b3:89:49:b8:8a:
                    2f:05:d2:84:45:28:7c:8f:68:50:12:78:fc:0b:b5:
                    53:cb:c2:98:1c:84:a3:9e:b0:be:23:a4:da:dc:c8:
                    2b:1e:da:6e:45:1e:89:98:da:f9:00:2e:06:e9:0c:
                    3b:70:d5:50:25:88:99:cb:cd:73:60:f7:d5:ff:35:
                    67:c5:a1:bc:5e:ab:cd:4a:b8:45:eb:c8:68:1e:0d:
                    0d:14:46:12:e3:d2:64:62:8a:42:98:bc:b4:c6:08:
                    08:f8:fd:a8:4c:64:9c:76:01:bd:2f:a9:6c:33:0f:
                    d8:3f:28:b8:3c:69:01:42:86:7e:69:c1:c9:06:ca:
                    e5:7a:46:65:e9:c2:d6:50:41:2e:3f:b7:e4:ed:6c:
                    d7:bf:26:01:11:a2:16:29:4a:6b:34:06:90:ec:13:
                    d2:b6:fb:6a:76:d2:3c:ed:f0:d6:2d:dd:e1:15:ec:
                    a3:9b:2f:2c:c9:3e:2b:e4:69:3b:ff:72:25:b1:36:
                    86:5b:c7:7f:6b:8b:55:1b:4a:c5:20:61:3d:ae:cb:
                    50:e1:08:3a:be:b0:8f:63:41:53:30:08:59:3c:98:
                    1d:77:ba:63:91:7a:ca:10:50:60:bf:f0:d7:bc:95:
                    87:8f:97:c5:fe:97:6a:01:94:a3:7c:5b:85:1d:2a:
                    39:3a:d0:54:a1:d1:39:71:9d:fd:21:f9:b5:7b:f0:
                    e2:e0:02:8f:6e:96:24:25:2c:a0:1e:2c:a8:c4:89:
                    a7:ef:ed:99:06:2f:b6:0a:4c:4f:db:a2:cc:37:1a:
                    af:47:85:2d:8a:5f:c4:34:34:4c:00:fd:18:93:67:
                    13:d1:37:e6:48:b4:8b:06:c5:57:7b:19:86:0a:79:
                    cb:00:c9:52:af:42:ff:37:8f:e1:a3:1e:7a:3d:50:
                    ab:63:06:e7:15:b5:3f:b6:45:37:94:37:b1:7e:f2:
                    48:c3:7f:c5:75:fe:97:8d:45:8f:1a:a7:1a:72:28:
                    1a:40:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61
            X509v3 Authority Key Identifier: 
                keyid:8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC

            Authority Information Access: 
                OCSP - URI:http://ocsp.globalsign.com/rootr3
                CA Issuers - URI:http://secure.globalsign.com/cacert/root-r3.crt

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.globalsign.com/root-r3.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.1
                Policy: 2.23.140.1.2.2
                Policy: 1.3.6.1.4.1.4146.1.1

    Signature Algorithm: sha256WithRSAEncryption
         40:34:17:d4:0d:4b:41:c9:47:33:fd:ba:2f:27:d1:94:b1:c7:
         32:ef:75:d6:c5:a5:09:9b:5c:08:8f:a0:e8:86:77:2f:43:41:
         57:fe:66:77:97:50:a9:7b:48:de:79:78:e5:17:96:f1:e4:13:
         d1:6f:95:f0:60:ac:60:2e:0e:57:ef:95:f4:02:5d:54:1c:ff:
         65:56:62:a1:22:bc:01:f4:6b:7f:f0:11:45:b1:3f:4f:af:41:
         bd:9c:51:ec:56:71:30:f2:74:3c:4f:8b:26:86:29:eb:c9:3d:
         73:7a:f1:09:bc:1e:20:56:f8:8f:a3:66:7e:0d:22:1d:3e:a0:
         01:30:7d:ab:70:6b:83:dd:28:a8:b1:10:44:c7:65:62:fb:fc:
         88:fe:5f:da:cc:88:c1:8c:49:be:b5:06:8b:33:91:58:77:91:
         de:63:f4:ee:bd:13:fa:90:45:91:49:ed:76:c9:a0:2c:fa:b4:
         b1:2d:03:7e:6d:31:7e:20:bf:f0:94:16:cd:b4:7d:f7:d2:7f:
         a9:34:79:23:5e:30:00:c0:bd:c9:46:32:83:db:fc:c1:f6:50:
         ba:6d:64:11:11:fd:0e:9b:87:75:04:db:ac:af:6b:63:30:5d:
         40:97:57:c9:14:9d:20:d7:c6:b3:69:8b:db:ad:22:11:ed:88:
         88:86:80:ee

CA Certificate in PEM Format

Use openssl x509 to convert certificate from DER format to PEM format:

openssl x509 -in cert.crt -inform der

Converted PEM format certificate:

Decode PEM Certificate online

Download PEM Certificate

Also see Top 1 Millions Domains CA Certificate List

CA Certificate Information and Audit Record

CA Certificate Detail Information

CA Certificate in PEM Format

Related Certificates