X.509 has been the standard format for public key certificates since 1988.

Here is what an X.509 certificate looks like:

[Images: X.509 certificate]

The CA performs checks that depend on the quality of the certificate. There are four main categories:

Domain Validated (DV) → Proof that the certificate owner actually has this certificate.

Organisation Validated (OV) → Proof that the certificate owner actually owns the company.

Extended Validation (EV) → Authenticates more than OV, for example: company site visits, ID checks of high-ranking employees, etc.

Qualified Website Authentication Certificate (QWAC) → Specific checks are made that it conforms to the PSD2 regulation.


Where can I check if my certificate is valid?

  1. Certificate Revocation List (CRL): most browsers perform this check.
  2. Online Certificate Status Protocol (OCSP): the Authority Information Access (AIA) field provides information on how to access CA information and OCSP validation, etc.
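
Both revocation mechanisms are located through URLs stored in the certificate's own extensions. The following Python code is an added example, not part of the original page: it walks the DER encoding with the standard library only and lists the OCSP and CA Issuers URLs from the AIA extension and the CRL URLs from the CRL Distribution Points extension. The sample bytes and the example.test URLs are constructed for illustration.

```python
# Added example, not from the original page. Assumes single-byte DER tags.
AIA = bytes.fromhex("2b06010505070101")         # 1.3.6.1.5.5.7.1.1  authorityInfoAccess
CRLDP = bytes.fromhex("551d1f")                 # 2.5.29.31          cRLDistributionPoints
OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1 id-ad-ocsp
CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2 id-ad-caIssuers
METHODS = {OCSP: "ocsp", CA_ISSUERS: "ca_issuers"}

def elements(buf, deep=False):  # yield (tag, value) per DER element; deep=True descends
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("DER length runs past end of input")
        yield tag, buf[pos:pos + length]
        if deep and tag & 0x20:  # constructed element: recurse into its content
            yield from elements(buf[pos:pos + length], True)
        pos += length

def revocation_pointers(der):  # der: a whole certificate or just its extensions
    found = {"ocsp": [], "ca_issuers": [], "crl": []}
    for tag, val in elements(der, True):
        kids = list(elements(val)) if tag == 0x30 else []
        if len(kids) < 2 or kids[0][0] != 0x06 or kids[-1][0] != 0x04:
            continue  # not an Extension {extnID, [critical], extnValue}
        oid, ext = kids[0][1], kids[-1][1]
        if oid == CRLDP:  # every URI GeneralName ([6], tag 0x86) in the extension
            found["crl"] += [v.decode("ascii") for t, v in elements(ext, True) if t == 0x86]
        elif oid == AIA:  # SEQUENCE OF AccessDescription {accessMethod, accessLocation}
            for _, desc in elements(next(elements(ext))[1]):
                (_, method), (loc_tag, loc) = elements(desc)
                if loc_tag == 0x86 and method in METHODS:
                    found[METHODS[method]].append(loc.decode("ascii"))
    return found

def tlv(tag, *parts):  # minimal DER encoder for the sample (bodies under 256 bytes)
    body = b"".join(parts)
    return bytes([tag] + ([0x81] if len(body) > 127 else []) + [len(body)]) + body

# Constructed sample: only the [3] extensions field, with made-up example.test URLs.
SAMPLE = tlv(0xA3, tlv(0x30,
    tlv(0x30, tlv(0x06, AIA), tlv(0x04, tlv(0x30,
        tlv(0x30, tlv(0x06, OCSP), tlv(0x86, b"http://ocsp.example.test")),
        tlv(0x30, tlv(0x06, CA_ISSUERS), tlv(0x86, b"http://ca.example.test/ca.crt"))))),
    tlv(0x30, tlv(0x06, CRLDP), tlv(0x04, tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0,
        tlv(0x86, b"http://crl.example.test/ca.crl")))))))))
```

`revocation_pointers` accepts the DER bytes of a full certificate as well; a PEM file has to be base64-decoded to DER first.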
