dave_thompson_085

Some public CAs have multiple roots, and more use multiple roots.

Assuming gmail means mail.google.com, as the (currently two) reports at SSLLabs show, Google uses its own intermediate CA, (CN) Google Internet Authority G2, issued under (CN) GeoTrust Global CA.

That GeoTrust CA has a root cert with (SHA1) fingerprint beginning DE28, but also a nonroot bridge cert (included in the server handshake) with fingerprint beginning 7359 under (OU) Equifax Secure Certificate Authority; that Equifax CA in turn has a root cert with fingerprint beginning D232, which was issued in 1998, so it was pretty well established and trusted when GeoTrust started in 2002 and initially was not trusted. Today the bridge cert shouldn't be needed, and pretty soon it will actually hurt because its chain expires sooner.

For more on GeoTrust (and Google) anchoring, see:

@Steffen's answer points to a comparable but slightly different case, multiple generations within Verisign.

UPDATE 2017: The Equifax root cert, and thus the GeoTrust bridge cert, are no longer valid using the MozillaNSS-also-curl truststore, see http://serverfault.com/a/841071/216633.

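The answer describes a CA whose one key has two certificates, a self-signed root and a bridge (cross) cert issued by an older, more widely trusted root, and why the bridge path stops working first. The following Python is an added example, not code from the answer; it models path building over a simplified certificate record (subject, issuer, key identifiers, expiry) to show how a client ends up with one or two trust paths depending on which roots it trusts, and how removing the old root from the trust store (the 2017 update) leaves only the direct path. The CA names follow the answer, but the key identifiers and all dates are constructed for illustration and are not the real certificates' values.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:
    """A certificate reduced to the fields path building needs (constructed model)."""
    subject: str
    issuer: str
    subject_key: str   # stands in for the public key / SubjectKeyIdentifier
    issuer_key: str    # stands in for AuthorityKeyIdentifier
    not_after: date

    def is_self_signed(self):
        return self.subject == self.issuer and self.subject_key == self.issuer_key


# Constructed approximation of the chain described in the answer; dates and key ids are illustrative.
EQUIFAX_ROOT = Cert("Equifax Secure CA", "Equifax Secure CA", "k-equifax", "k-equifax", date(2018, 8, 22))
GEOTRUST_ROOT = Cert("GeoTrust Global CA", "GeoTrust Global CA", "k-geotrust", "k-geotrust", date(2022, 5, 21))
# Bridge cert: same subject and key as the GeoTrust root, but issued by Equifax and expiring earlier.
GEOTRUST_BRIDGE = Cert("GeoTrust Global CA", "Equifax Secure CA", "k-geotrust", "k-equifax", date(2018, 8, 21))
GIAG2 = Cert("Google Internet Authority G2", "GeoTrust Global CA", "k-giag2", "k-geotrust", date(2020, 12, 31))
LEAF = Cert("mail.google.com", "Google Internet Authority G2", "k-leaf", "k-giag2", date(2017, 4, 1))

# What the server hands over in the handshake besides the leaf: intermediate plus bridge cert.
SERVER_CHAIN = [GIAG2, GEOTRUST_BRIDGE]


def build_paths(leaf, pool, anchors, today):
    """Return every path leaf -> ... -> trust anchor that is time-valid on `today`.

    `pool` is the server-sent chain (plus anything the client has cached); `anchors`
    is the client's trust store. An issuer link requires both the issuer name and the
    key identifier to match, as in RFC 5280 path construction; signature checking is
    abstracted away by the key-id match in this model.
    """
    paths = []

    def walk(path):
        head = path[-1]
        if head.not_after < today:
            return  # an expired cert ends this branch
        for anchor in anchors:
            if (anchor.subject == head.issuer and anchor.subject_key == head.issuer_key
                    and anchor.not_after >= today):
                paths.append(path + [anchor])
        for cand in pool:
            if cand in path or cand.is_self_signed():
                continue  # no loops, and roots only count when they are in the trust store
            if cand.subject == head.issuer and cand.subject_key == head.issuer_key:
                walk(path + [cand])

    walk([leaf])
    return paths


def names(path):
    return tuple(c.subject for c in path)


def ca_path_expiry(path):
    """Date after which the CA portion of the path (everything above the leaf) is unusable,
    independent of how often the leaf itself is renewed."""
    return min(c.not_after for c in path[1:])


if __name__ == "__main__":
    today = date(2017, 1, 1)
    for store_name, store in [("both roots", [GEOTRUST_ROOT, EQUIFAX_ROOT]),
                              ("old client (Equifax only)", [EQUIFAX_ROOT]),
                              ("2017 store (GeoTrust only)", [GEOTRUST_ROOT])]:
        print(f"trust store: {store_name}")
        for p in build_paths(LEAF, SERVER_CHAIN, store, today):
            print("  ", " -> ".join(names(p)), f"(CA chain good until {ca_path_expiry(p)})")
```

With both roots trusted the client can build two paths and will usually prefer the shorter, direct one; a client that only has the older root still validates via the bridge, which is what the cross cert is for. Once the older root is dropped from the trust store, or the bridge's earlier expiry passes, only the direct path remains, so the bridge cert merely adds bytes to the handshake.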