gmaa-adfs.datacenter-migros.ch

- Migros -

Issued by Migros CA Class1

About this certificate

This digital certificate with serial number 14:57:f4:c4:00:00:00:00:61:19 was issued on by Migros.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • CAs must include keyIdentifer field of AKI in all non-self-issued certificates (RFC 5280: 4.2.1.1)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Migros

Organization: Migros
Organization unit: SERVER
Country: CH

Migros

Organization: Migros
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 14:57:f4:c4:00:00:00:00:61:19
Serial Number (int): 96069833613846324994329
Serial Number lenght: 77 bits, 10 octets

SubjectKeyId: 83:96:f2:9d:d9:87:4d:1e:0b:5c:cd:76:84:15:28:9f:dd:0f:68:f2
AuthorityKeyId:

Fingerprint (sha1): dd:22:d5:41:82:8e:58:4e:1a:b7:21:17:eb:e4:7e:57:74:bc:ea:12
Fingerprint (sha256): 01:a7:65:ed:9a:7b:6b:cc:31:ea:3b:7a:63:bb:d9:d2:c0:42:8a:52:22:01:60:c4:66:a7:e5:03:d3:b4:9c:f2


Revocation information

CRL Distribution Point: ldap://metadir.migros.ch:389/cn=migros_ca_class1,o=migros,c=ch

Check the revocation status for certificate gmaa-adfs.datacenter-migros.ch

0

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gmaa-adfs.datacenter-migros.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Time Stamping
Email Protection
IPSEC User
IPSEC Tunnel
IPSEC End System
Code Signing
Client Authentication
Server Authentication

Extensions

4 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

This certificate doesn't contain any subject alternative names.

Other certificates including the domain name datacenter-migros.ch

(limited to 100 certificates)
vnexs02a.datacenter-migros.ch
gmaa-adfs.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
*.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
vnexs03a.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
mail1b.datacenter-migros.ch
vnexs04a.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
sts.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
vnexs02a.datacenter-migros.ch
gmlu-adfs.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
mail.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
vnexs04a.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
outlook.migroszh.ch
adeon-gmos.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
identityserver.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
*.datacenter-migros.ch
sts-s.datacenter-migros.ch
vpn.gmaare.migros.ch
vpn.migrosaare.migros.ch
adeon-gmzh-t.datacenter-migros.ch
*.datacenter-migros.ch
vpn.gmaare.migros.ch
adeon-gmos-t.datacenter-migros.ch
citrix.migroszh.ch
lb.mrd-adfs.datacenter-migros.ch
mail1b.datacenter-migros.ch
sts.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
netpulse.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
sts.datacenter-migros.ch
*.datacenter-migros.ch
mail.datacenter-migros.ch
citrix.migroszh.ch
vnexs01a.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
mail1b.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
citrix.migroszh.ch
adeon-gmzh.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
sts-s.datacenter-migros.ch
vnexs01a.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
ba-bern.tac-gateway-servers.datacenter-migros.ch
identityserver.datacenter-migros.ch
storefront.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
adeon-gmzh.datacenter-migros.ch
*.datacenter-migros.ch
*.datacenter-migros.ch
vsrpa02.datacenter-migros.ch
sts-s.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
sts-t.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
mail.datacenter-migros.ch
mail.datacenter-migros.ch
mail1b.datacenter-migros.ch
mail.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
szc.migroszh.ch
revcap.datacenter-migros.ch
p45.migros.ch
mail.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch

Certificate

The complete raw certificate details for gmaa-adfs.datacenter-migros.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIKFFf0xAAAAABhGTANBgkqhkiG9w0BAQUFADA5MQswCQYD
VQQGEwJDSDEPMA0GA1UEChMGTWlncm9zMRkwFwYDVQQDExBNaWdyb3MgQ0EgQ2xh
c3MxMB4XDTExMDQyNjE1MDYxNVoXDTE2MDQyNDE1MDYxNVowWDELMAkGA1UEBhMC
Q0gxDzANBgNVBAoTBk1pZ3JvczEPMA0GA1UECxMGU0VSVkVSMScwJQYDVQQDEx5n
bWFhLWFkZnMuZGF0YWNlbnRlci1taWdyb3MuY2gwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/PeJEtAAxWKxATZ4jUIDJT8I0XqVpdfRoveghxyiLK2NF
EjoRpOMK6KkiHFMNMJIH2q6dEP/Qd6OMnuq/sfy5W3UAa32DJ8/4WL/7gkMP1Q9r
Y4aAPjK7Zk16TXQYOzB/VAgXMeyTUAcx1mZofjGze7PGKrOubney+hCvu3kgHoif
x+XjB3aIGWk7R/HvB2w+KvLz/HP3fD9GE5ptDfY11e+s1FPfl3Y68mgqUlY5nXiK
+ZLg+sKSCgilEZaDeUALM0QknNA6CJ6eN6WG52AS/UsRh8Iu5BU7XhMrsDoUIY0L
sXhXi9i20TNEufyQjXMEZeJQbIvKTvazvAgCE3/jAgMBAAGjggHmMIIB4jALBgNV
HQ8EBAMCBLAwHQYDVR0OBBYEFIOW8p3Zh00eC1zNdoQVKJ/dD2jyMIIBYQYDVR0l
BIIBWDCCAVQGCisGAQQBgjcKAwUGCCsGAQUFBwMIBgorBgEEAYI3FAICBgorBgEE
AYI3CgMGBggrBgEFBQcDBAYKKwYBBAGCNwoDCQYKKwYBBAGCNwoDCgYJKwYBBAGC
NxUFBgorBgEEAYI3CgMHBgorBgEEAYI3CgMBBgorBgEEAYI3CgMCBgorBgEEAYI3
CgMNBgorBgEEAYI3CgYCBgkrBgEEAYI3FQYGCisGAQQBgjcKAwsGCisGAQQBgjcK
BgEGCCsGAQUFBwMHBggrBgEFBQcDBgYIKwYBBQUIAgIGCCsGAQUFBwMFBgsrBgEE
AYI3CgMEAQYKKwYBBAGCNwoDBAYKKwYBBAGCNwoDCAYKKwYBBAGCNwoDDAYJKwYB
BAGCNxUTBgorBgEEAYI3CgUBBggrBgEFBQcDAwYIKwYBBQUHAwIGCisGAQQBgjcU
AgEGCCsGAQUFBwMBME8GA1UdHwRIMEYwRKBCoECGPmxkYXA6Ly9tZXRhZGlyLm1p
Z3Jvcy5jaDozODkvY249bWlncm9zX2NhX2NsYXNzMSxvPW1pZ3JvcyxjPWNoMA0G
CSqGSIb3DQEBBQUAA4IBAQBorNnOovvd3GOhb5wQnOIVEq1Ahve8Qtfv9d5qvIIK
hrUueCNbd4/6V8ffzx+a+GeR1eAY/s4aSiUYLBkdJIhXNt6t0oMd19i5/bWjNyKn
wgWjZZRdZ0fBVY/GNHAy9MRAKL8Prz2iCGB6oWFf1qflBw79L0CepjPgaMFaSDem
IupAh9moBeu9K/G+mcdbwA2WHXWeAnapFBt271yAgJJJ3qR3reA3Xvr0o16dBSRV
OsoHnEmrOuLj/VOvUzW+EGxbAl6wMf1ZlbUHdbZA6zoXSuLGU9sKxyWlB7mmri96
QZSUa2wA69d7uEbb7ZJfi2UJn5sPb7mo8i2Gbp3CYyK9
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz3iRLQAMVisQE2eI1CA
yU/CNF6laXX0aL3oIccoiytjRRI6EaTjCuipIhxTDTCSB9qunRD/0HejjJ7qv7H8
uVt1AGt9gyfP+Fi/+4JDD9UPa2OGgD4yu2ZNek10GDswf1QIFzHsk1AHMdZmaH4x
s3uzxiqzrm53svoQr7t5IB6In8fl4wd2iBlpO0fx7wdsPiry8/xz93w/RhOabQ32
NdXvrNRT35d2OvJoKlJWOZ14ivmS4PrCkgoIpRGWg3lACzNEJJzQOgienjelhudg
Ev1LEYfCLuQVO14TK7A6FCGNC7F4V4vYttEzRLn8kI1zBGXiUGyLyk72s7wIAhN/
4wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 96069833613846324994329
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Migros'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Migros CA Class1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2011-04-26 15:06:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-04-24 15:06:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Migros'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SERVER'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gmaa-adfs.datacenter-migros.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24142032317640234081271875432404518911096041530928811512510256200342048101735625333778946861410559707152964011119388753731662692211784034281672318597395304139495967404978276125237316919502792276537724280377148570029781905920223263808923729330013251574031864757569713433667709692506526924764432707303952454072476899887610008691179545049613736283234813735528634445242509770675151119955804494378958965958129154793300245198824245957634608536780629157050471434402531675439050767110841328678588102788875997006022596297192619225835998583384441680062370002138314903514344733325647692770129880998136782169012781339461098373091
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8396f29dd9874d1e0b5ccd768415289fdd0f68f2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (344 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.5 (whqlCrypto)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.8 (timeStamping)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.2 (smartcardLogon)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.6 (nt5Crypto)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.4 (emailProtection)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.9 (rootListSigner)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.10 (qualifiedSubordination)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.5 (caExchange)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.7 (oemWHQLCrypto)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.1 (certTrustListSigning)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.2 (timeStampSigning)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.13 (lifetimeSigning)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.6.2 (licenseServer)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.6 (keyRecovery)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.11 (keyRecovery)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.6.1 (licenses)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.7 (ipsecUser)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.6 (ipsecTunnel)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.8.2.2 (iKEIntermediate)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.5 (ipsecEndSystem)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.4.1 (efsRecovery)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.4 (encryptedFileSystem)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.8 (embeddedNTCrypto)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.12 (documentSigning)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.19 (dsEmailReplication)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.5.1 (drm)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.3 (codeSigning)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.1 (enrollmentAgent)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://metadir.migros.ch:389/cn=migros_ca_class1,o=migros,c=ch'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0068acd9cea2fbdddc63a16f9c109ce21512ad4086f7bc42d7eff5de6abc820a86b52e78235b778ffa57c7dfcf1f9af86791d5e018fece1a4a25182c191d24885736deadd2831dd7d8b9fdb5a33722a7c205a365945d6747c1558fc6347032f4c44028bf0faf3da208607aa1615fd6a7e5070efd2f409ea633e068c15a4837a622ea4087d9a805ebbd2bf1be99c75bc00d961d759e0276a9141b76ef5c80809249dea477ade0375efaf4a35e9d0524553aca079c49ab3ae2e3fd53af5335be106c5b025eb031fd5995b50775b640eb3a174ae2c653db0ac725a507b9a6ae2f7a4194946b6c00ebd77bb846dbed925f8b65099f9b0f6fb9a8f22d866e9dc26322bd