They would need to validate it, but that IP address returns their certificate when curled…
curl -Iv https://privateinternetaccess.com --resolve privateinternetaccess.com:443:172.227.168.130
* Added privateinternetaccess.com:443:172.227.168.130 to DNS cache
* Hostname privateinternetaccess.com was found in DNS cache
* Trying 172.227.168.130:443...
* TCP_NODELAY set
* Connected to privateinternetaccess.com (172.227.168.130) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=Colorado; L=Denver; O=London Trust Media Incorporated; CN=*.privateinternetaccess.com
* start date: Feb 7 23:52:13 2020 GMT
* expire date: Feb 23 14:15:01 2021 GMT
* subjectAltName: host "privateinternetaccess.com" matched cert's "privateinternetaccess.com"
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com