virtualmin.urz.uni-heidelberg.de

- Universitaet Heidelberg -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number b9:f2:c7:70:85:72:01:98:bd:90:ad:d3:a4:ee:19:eb was issued on by GEANT Vereniging.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Universitaet Heidelberg

Organization: Universitaet Heidelberg
State / Province: Baden-Wuerttemberg
Country: DE

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): b9:f2:c7:70:85:72:01:98:bd:90:ad:d3:a4:ee:19:eb
Serial Number (int): 247167760174339524442935014977604295147
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 75:0c:16:8b:09:f7:ec:59:c5:92:62:83:26:c1:b4:cd:5d:20:f6:43
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): 31:0e:6c:0d:1a:d1:ed:d1:34:5f:85:85:f0:17:ad:99:87:65:fd:77
Fingerprint (sha256): 01:00:67:aa:88:14:6b:08:f8:c4:58:d2:a6:1a:44:61:68:47:6f:8c:11:03:e2:b2:15:29:25:90:21:41:3b:6c

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate virtualmin.urz.uni-heidelberg.de

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for virtualmin.urz.uni-heidelberg.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

virtualmin.urz.uni-heidelberg.de
heidelberger-forum-edition.de
zentralarchiv-juden.de

Other certificates including the domain name uni-heidelberg.de

(limited to 100 certificates)
hch19.cl.uni-heidelberg.de
www.mathematik.uni-heidelberg.de
klassphil.stura.uni-heidelberg.de
heimap-app.uni-heidelberg.de
heidocs1.zuv.uni-heidelberg.de
haw-pallas.adw.uni-heidelberg.de
flagship.kip.uni-heidelberg.de
cloud.kip.uni-heidelberg.de
ra.ziti.uni-heidelberg.de
neu.stura.uni-heidelberg.de
imap.iup.uni-heidelberg.de
calc.mathphys.stura.uni-heidelberg.de
vcg.iwr.uni-heidelberg.de
crispr.cos.uni-heidelberg.de
datashield.bioquant.uni-heidelberg.de
zinser-pc.physi.uni-heidelberg.de
weyauu.physi.uni-heidelberg.de
hcicloud.iwr.uni-heidelberg.de
cft2011.mathi.uni-heidelberg.de
public.urz.uni-heidelberg.de
virtualmin.urz.uni-heidelberg.de
karriere.klinikum.uni-heidelberg.de
www.soz.uni-heidelberg.de
www2.uniarchiv.uni-heidelberg.de
bud.iwr.uni-heidelberg.de
www.kip.uni-heidelberg.de
osm-vis.geog.uni-heidelberg.de
svn.ifi.uni-heidelberg.de
namse.med.uni-heidelberg.de
tc-hissva-prod1.zuv.uni-heidelberg.de
gisservices.geog.uni-heidelberg.de
mobility.zuv.uni-heidelberg.de
jupyter18.kip.uni-heidelberg.de
heiboxone.urz.uni-heidelberg.de
bq-mon-01.bioquant.uni-heidelberg.de
indico.physi.uni-heidelberg.de
mtk-online.urz.uni-heidelberg.de
neueslehramt.stura.uni-heidelberg.de
brassibase-dev.cos.uni-heidelberg.de
rewi-alumni.stura.uni-heidelberg.de
thbw-www.adw.uni-heidelberg.de
physikadmin.kip.uni-heidelberg.de
mp-force.ziti.uni-heidelberg.de
fsjapo.stura.uni-heidelberg.de
parcomp-git.iwr.uni-heidelberg.de
klimaschutzkarte.de
serv5.ub.uni-heidelberg.de
fachschaft.cl.uni-heidelberg.de
abhilekha.adw.uni-heidelberg.de
moodle.umm.uni-heidelberg.de
Sharepoint.urz.uni-heidelberg.de
kibana-dev.realm.bwinfosec.uni-heidelberg.de
brassibase-dev.cos.uni-heidelberg.de
exchange.uni-heidelberg.de
drw-www.adw.uni-heidelberg.de
cumulus.cos.uni-heidelberg.de
git.kip.uni-heidelberg.de
medusys.medma.uni-heidelberg.de
emp.kip.uni-heidelberg.de
relay2.uni-heidelberg.de
wrangler.mathi.uni-heidelberg.de
sturawahl.stura.uni-heidelberg.de
gistools.geog.uni-heidelberg.de
banane.mathi.uni-heidelberg.de
webapp-test.zuv.uni-heidelberg.de
mail.stw.uni-heidelberg.de
owncloud.itp.uni-heidelberg.de
ki.stura.uni-heidelberg.de
hisapp.uni-heidelberg.de
pille.iwr.uni-heidelberg.de
znfshop.zbt.uni-heidelberg.de
dschungelbuch.stura.uni-heidelberg.de
ui-test.heicloud.uni-heidelberg.de
aid.krz.uni-heidelberg.de
fszahnmedizin.stura.uni-heidelberg.de
dag.adw.uni-heidelberg.de
gitlab.gistools.geog.uni-heidelberg.de
survey.csi.uni-heidelberg.de
mtk-online.urz.uni-heidelberg.de
mats.stura.uni-heidelberg.de
hci-iweb.iwr.uni-heidelberg.de
ora3.zuv.uni-heidelberg.de
sso-02-dmed.urz.uni-heidelberg.de
beowulf.bioquant.uni-heidelberg.de
web.imbi.uni-heidelberg.de
aci.uni-heidelberg.de
jesajanet-pepa-test.med.uni-heidelberg.de
pix.umm.uni-heidelberg.de
wvz1.stura.uni-heidelberg.de
books.ub.uni-heidelberg.de
ext01.dmed.uni-heidelberg.de
serv5.ub.uni-heidelberg.de
cegit.ziti.uni-heidelberg.de
fsiued.stura.uni-heidelberg.de
dsf-dbmi.umm.uni-heidelberg.de
fs-sino.stura.uni-heidelberg.de
lists.cl.uni-heidelberg.de
bud.iwr.uni-heidelberg.de
dms.urz.uni-heidelberg.de
ipa.iwr.uni-heidelberg.de

Certificate

The complete raw certificate details for virtualmin.urz.uni-heidelberg.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIsDCCBpigAwIBAgIRALnyx3CFcgGYvZCt06TuGeswDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTIzMDcwNjAwMDAwMFoXDTI0MDcwNTIz
NTk1OVowdzELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy
ZzEgMB4GA1UEChMXVW5pdmVyc2l0YWV0IEhlaWRlbGJlcmcxKTAnBgNVBAMTIHZp
cnR1YWxtaW4udXJ6LnVuaS1oZWlkZWxiZXJnLmRlMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAl8h0uJGwdDKshHyrpnHBbDeNuHiVPGEFuPPDvpWt84CU
tAChZ0bNqU5A0zPaueSbm/9IYL/3GBveULev1dYVFEJ6Om7V4uB9r2nAJ/TmGJhx
3s8vX1qpA8pJhA9OYBIEp8lxlTi06rK9ScM46K2xlvt/xMoM37WnY1HqMXS1TTi3
wqlNrmhJYWo3DN3SIuB+dLRVmsNNrHWeWP6MPu05CMpSOempJ/lGfgPRHMYJj9WC
SQhfWGKePII4K96PQDqFr7y7jxzJ67bGqMOX3uj6UTkSSUh6tzZJ8umBfgZmJSWj
NDkLQbIkttNGBoS7OQ1kpTWPnJsPAONYJjWgMAQfQV25AACE4kCarU2Rog0Dl0Rd
CPNAKPKVkhBTPi3qwaxI8MTYIgJ+dCKcJy+L5HsKyvBH7tMAoPS7vTwNJd3+gqxg
921K7u3VtwRKZIkEpoLPSwfDOaD6GujtAtaZj/Yrq09giSqJyB8N8BDl/e8n/D04
xcncSLr2gjY6+s0HGGC4IPWcdF+YhrErG4Hw5BJ5JY5Cfz1KlsPVEWqiq8J9dKXa
NfpzD0Xu5WPRnr1TbwFt+8tWbmEZxs/Mh/f+f8j/emvBfWN8NEqmtd9QWmU8P6bN
33v4lYEIfL5/GWwxHEaKKMimludILwPjAuH9Xk7Li7203mu2pp0ak5eczDp7ZRcC
AwEAAaOCA2gwggNkMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0G
A1UdDgQWBBR1DBaLCffsWcWSYoMmwbTNXSD2QzAOBgNVHQ8BAf8EBAMCBaAwDAYD
VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0g
BEIwQDA0BgsrBgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3Rp
Z28uY29tL0NQUzAIBgZngQwBAgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dF
QU5ULmNybC5zZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcB
AQRpMGcwOgYIKwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20v
R0VBTlRPVlJTQUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3Nw
LnNlY3RpZ28uY29tMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQB2/4g/Crb7
lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYkrv9ptAAAEAwBGMEQCIEFn9EHG
ZhVuzUbU9chWDfc9/HahQ3LGQ7i0D4QEgtEEAiBMOvAYznabr9eO+3nU96WPp7t2
Dd/NzS/XAcjtpjyKNAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/ur
AAABiSu/2scAAAQDAEcwRQIhAINMG1bLGCP6IAOc2lxKs3wc9tCdUPxivXTMKmM5
2R8aAiBYOTz6X1zPwzL1TgXk++c6RBeppon/QdRqDEYEjND0KAB1AO7N0GTV2xrO
xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABiSu/2p4AAAQDAEYwRAIgO5UL/ldf
AQ7HIQYE9PE/M84PNDKd9eKuCR8Be1mlR3YCIHxjh+ePfa3Xse/Kub+2oDHtLIXc
tWcwX3WSG1f1EHP8MGIGA1UdEQRbMFmCIHZpcnR1YWxtaW4udXJ6LnVuaS1oZWlk
ZWxiZXJnLmRlgh1oZWlkZWxiZXJnZXItZm9ydW0tZWRpdGlvbi5kZYIWemVudHJh
bGFyY2hpdi1qdWRlbi5kZTANBgkqhkiG9w0BAQwFAAOCAgEAeOnjM+eOWGkctI9P
VYJ96YPVo7PgXy1n4Esrii5OxMrVvI6Oo2S4F9Z2iXP5nYn4vW8PlvLaznknBT1Z
u5TfJ0S70EoMAPeq65CQsSrsOEc3QhUIv/ZVw8rCULJuBd3XPttG/31Nz2RFhhyS
yf6uJ46zRUYzZ1gHDjAtkkeUOG+ymFUJK04QWYKA+tur3WRjfe+yEf/DIOOUnEK+
6YeV4/7w/SvXYH8o9ddcuoOrnMLCSM2dfttlqw78hCSlyJBvZqyc8qodlNaKk4Zh
Qitw/TVzBDky003Eb8vHjzv/906k9dgwGJuaupU00k/8eUh4uilhUF+VPXdwug4p
llmhySl/AU51SWow5zAFxkkEpitTjZ+oU6c0OQ5VMqP9DhEhAPQjTgO31M9eQV7c
OyAaWVXoFFTm9mBP4EuInjVKHmwRTCFbXXnh4jmJkEno25F1r3fxkGXBYmJI0J3a
bQLivGkzI3U4fVaZDbFRHmUTzZKZB0D1eo9aSvlHhZxfiddqk0LCXZ+OMVLXKU3T
OeeEZK4PKN5YgJwnWoXD6jl/FHgqBspXl6o+xop7v/B8JpjF5GZnMJhN3or0K/Ca
Du2sB39ltUfDYeugAiZwe8RbCeMqujjkS6VsnGlaPaxdVtJa1sKeBepi6dY6eyGC
vLtEi/htW1reJu+gz/rrgspMpyU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl8h0uJGwdDKshHyrpnHB
bDeNuHiVPGEFuPPDvpWt84CUtAChZ0bNqU5A0zPaueSbm/9IYL/3GBveULev1dYV
FEJ6Om7V4uB9r2nAJ/TmGJhx3s8vX1qpA8pJhA9OYBIEp8lxlTi06rK9ScM46K2x
lvt/xMoM37WnY1HqMXS1TTi3wqlNrmhJYWo3DN3SIuB+dLRVmsNNrHWeWP6MPu05
CMpSOempJ/lGfgPRHMYJj9WCSQhfWGKePII4K96PQDqFr7y7jxzJ67bGqMOX3uj6
UTkSSUh6tzZJ8umBfgZmJSWjNDkLQbIkttNGBoS7OQ1kpTWPnJsPAONYJjWgMAQf
QV25AACE4kCarU2Rog0Dl0RdCPNAKPKVkhBTPi3qwaxI8MTYIgJ+dCKcJy+L5HsK
yvBH7tMAoPS7vTwNJd3+gqxg921K7u3VtwRKZIkEpoLPSwfDOaD6GujtAtaZj/Yr
q09giSqJyB8N8BDl/e8n/D04xcncSLr2gjY6+s0HGGC4IPWcdF+YhrErG4Hw5BJ5
JY5Cfz1KlsPVEWqiq8J9dKXaNfpzD0Xu5WPRnr1TbwFt+8tWbmEZxs/Mh/f+f8j/
emvBfWN8NEqmtd9QWmU8P6bN33v4lYEIfL5/GWwxHEaKKMimludILwPjAuH9Xk7L
i7203mu2pp0ak5eczDp7ZRcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 247167760174339524442935014977604295147
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Baden-Wuerttemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universitaet Heidelberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'virtualmin.urz.uni-heidelberg.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 619220742129741480519572434910094049674345812383816601803689830844296703358697039018053992928529924664993123322872046744778166310875482118408283584474618662196018402823908982124245941797182930456082568740719166437663702079361753434408227762792933359261450068062577726041711151052753568938837393147290485961461711542779377267524255744830526297846182729425832774114728535540947310436276929849501230536729663332984423856318501676843983016531507544295178522567390619117988595208361970626355971199169176604140452961593677707028759390691411694910810127740388612059795876088933062552171680139955585525183335293409265089369689856143114066383184614976112782403637284207997148946821695443077674837722553170985807725190423544985110994024742758472175119277228240075351735823940291516479823499816970782124921320832714262790162585847320837909707184414476486854970091393318074150225994366387907542350883049449959816780301686368348504624865461895962839998402721592161633633624914122945740293366583996713125715192005825006997702575196395362582608882288727639976987395648449749675050838273501536584948952591208764495080748269228839386671503081220847736590511808385384477225712936857298014678926345108692541423507199387158017917647077338789007234655511
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							750c168b09f7ec59c592628326c1b4cd5d20f643
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							016600750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a74000001892bbfda6d000004030046304402204167f441c666156ecd46d4f5c8560df73dfc76a14372c643b8b40f840482d10402204c3af018ce769bafd78efb79d4f7a58fa7bb760ddfcdcd2fd701c8eda63c8a34007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab000001892bbfdac70000040300473045022100834c1b56cb1823fa20039cda5c4ab37c1cf6d09d50fc62bd74cc2a6339d91f1a022058393cfa5f5ccfc332f54e05e4fbe73a4417a9a689ff41d46a0c46048cd0f428007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001892bbfda9e000004030046304402203b950bfe575f010ec7210604f4f13f33ce0f34329df5e2ae091f017b59a5477602207c6387e78f7dadd7b1efcab9bfb6a031ed2c85dcb567305f75921b57f51073fc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (91 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'virtualmin.urz.uni-heidelberg.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'heidelberger-forum-edition.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zentralarchiv-juden.de'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0078e9e333e78e58691cb48f4f55827de983d5a3b3e05f2d67e04b2b8a2e4ec4cad5bc8e8ea364b817d6768973f99d89f8bd6f0f96f2dace7927053d59bb94df2744bbd04a0c00f7aaeb9090b12aec384737421508bff655c3cac250b26e05ddd73edb46ff7d4dcf6445861c92c9feae278eb34546336758070e302d924794386fb29855092b4e10598280fadbabdd64637defb211ffc320e3949c42bee98795e3fef0fd2bd7607f28f5d75cba83ab9cc2c248cd9d7edb65ab0efc8424a5c8906f66ac9cf2aa1d94d68a938661422b70fd3573043932d34dc46fcbc78f3bfff74ea4f5d830189b9aba9534d24ffc794878ba2961505f953d7770ba0e299659a1c9297f014e75496a30e73005c64904a62b538d9fa853a734390e5532a3fd0e112100f4234e03b7d4cf5e415edc3b201a5955e81454e6f6604fe04b889e354a1e6c114c215b5d79e1e239899049e8db9175af77f19065c1626248d09dda6d02e2bc69332375387d56990db1511e6513cd92990740f57a8f5a4af947859c5f89d76a9342c25d9f8e3152d7294dd339e78464ae0f28de58809c275a85c3ea397f14782a06ca5797aa3ec68a7bbff07c2698c5e4666730984dde8af42bf09a0eedac077f65b547c361eba00226707bc45b09e32aba38e44ba56c9c695a3dac5d56d25ad6c29e05ea62e9d63a7b2182bcbb448bf86d5b5ade26efa0cffaeb82ca4ca725