Some public CAs have multiple roots, and more *use* multiple roots. Assuming gmail means mail.google.com, as the [(currently two) reports at SSLLabs show](https://www.ssllabs.com/ssltest/analyze.html?d=mail.google.com) Google uses its own intermediate CA, (CN) `Google Internet Authority G2` issued under (CN) `GeoTrust Global CA`. That **GeoTrust CA has a root cert** with (SHA1) fingerprint beginning `DE28`, **but also a nonroot bridge cert** (included in server handshake) with fingerprint beginning `7359` under (OU) `Equifax Secure Certificate Authority`; that Equifax CA in turn has a root cert with fingerprint beginning `D232` which was issued in 1998 so it was pretty well established and trusted when GeoTrust started in 2002 and initially was not trusted. Today the bridge cert shouldn't be needed, and pretty soon it will actually hurt because its chain expires sooner.

For more on GeoTrust (and Google) anchoring, see:

* https://security.stackexchange.com/questions/53231/google-certificates-correct-ca/
* https://security.stackexchange.com/questions/89798/different-ssl-cert-behavior-with-chrome-on-desktop-vs-chrome-on-ios
* https://security.stackexchange.com/questions/66487/what-happens-when-certificates-further-up-the-chain-expires-before-mine-equifa
* http://serverfault.com/questions/589590/understanding-the-output-of-openssl-s-client

@Steffen's answer points to a comparable but slightly different case, multiple generations *within* Verisign.
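The two trust paths described in the answer above, as an added example that is not part of the original answer: a small path builder that enumerates every chain from the Google intermediate to a trusted root and reports when each chain stops validating. The labels reuse the fingerprint prefixes quoted in the answer; `GIAG2`, the function names and all expiry dates are constructed for illustration and are not the real certificates' values.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    label: str       # fingerprint prefix quoted in the answer, or a made-up tag
    subject: str
    issuer: str
    not_after: date  # constructed for illustration, NOT the real certs' dates

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer

GEOTRUST = "GeoTrust Global CA"
EQUIFAX = "Equifax Secure Certificate Authority"
POOL = [
    Cert("GIAG2", "Google Internet Authority G2", GEOTRUST, date(2020, 1, 1)),
    Cert("DE28", GEOTRUST, GEOTRUST, date(2022, 1, 1)),   # GeoTrust root
    Cert("7359", GEOTRUST, EQUIFAX, date(2018, 8, 1)),    # bridge cert
    Cert("D232", EQUIFAX, EQUIFAX, date(2018, 8, 1)),     # Equifax root
]

def build_paths(start, pool, trusted):
    """All chains from `start` to a self-signed cert whose label is trusted.
    Matches issuer to subject by name only; a real validator also verifies
    signatures, key identifiers and constraints."""
    found = []
    def extend(chain):
        tip = chain[-1]
        if tip.self_signed:
            if tip.label in trusted:
                found.append(chain)
            return
        for cand in pool:
            if cand.subject == tip.issuer and cand not in chain:
                extend(chain + [cand])
    extend([start])
    return found

def path_expiry(chain):
    """A chain stops validating when its earliest-expiring cert expires."""
    return min(c.not_after for c in chain)

def labels(chain):
    return [c.label for c in chain]

if __name__ == "__main__":
    for store in ({"DE28", "D232"}, {"D232"}):
        for p in build_paths(POOL[0], POOL, store):
            print(sorted(store), labels(p), path_expiry(p))
```

A client whose store holds only the older root can validate solely through the bridge cert, so its usable lifetime is capped by the shorter chain; a client that trusts both roots can pick the direct path and ignore the bridge.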