p22-ssl-client-fi-hcm.kaufland.com

- Kaufland Stiftung & Co. KG -

Issued by SwissSign RSA TLS OV ICA 2022 - 1

About this certificate

This digital certificate with serial number 42:88:46:16:88:ca:c7:27:0a:23:7f:56:b1:2b:f1:21:98:98:80:db was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Kaufland Stiftung & Co. KG

Organization: Kaufland Stiftung & Co. KG
State / Province: BW
Locality: Neckarsulm
Country: DE

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 42:88:46:16:88:ca:c7:27:0a:23:7f:56:b1:2b:f1:21:98:98:80:db
Serial Number (int): 379832397749428759509267635963187726250591944923
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 2b:b8:a2:fb:db:bb:43:41:6f:ec:64:b4:11:cd:90:24:e3:74:8b:22
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6

Fingerprint (sha1): e5:fc:df:22:27:a9:e9:95:56:4b:6d:d3:75:0b:f4:73:cb:db:23:fc
Fingerprint (sha256): 02:3f:1e:81:8c:d3:09:43:7e:3a:09:3c:7d:92:10:9f:76:92:79:71:6d:e0:c2:77:4a:1e:f5:fc:3d:b2:5e:ae

Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34

Check the revocation status for certificate p22-ssl-client-fi-hcm.kaufland.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for p22-ssl-client-fi-hcm.kaufland.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.p22-ssl-client-fi-hcm.kaufland.com
p22-ssl-client-fi-hcm.kaufland.com

Other certificates including the domain name kaufland.com

(limited to 100 certificates)
iqpim.kaufland.com
ssl2.ipaper.io
ssl.ipaper.io
ssl.ipaper.io
media.kaufland.com
p22-ssl-client-fi-hcm.kaufland.com
ssl2.ipaper.io
mobsot02.kaufland.com
ssl.ipaper.io
pim.kaufland.com
ssl2.ipaper.io
ssl.ipaper.io
at2-ssl-client-fi-hcm.kaufland.com
se1-ucexe-p014.uc.schwarz
ssl2.ipaper.io
portal.eu.kaufland.com
qs2-ssl-client-fi-hcm.kaufland.com
iapim.kaufland.com
kaufland-blumen.de
asset.kaufland.com
*.ipaper.io
ssl.ipaper.io
ssl.ipaper.io
remote.au.kaufland.com
www-pc.kaufland.com
ssl3.ipaper.io
ssl2.ipaper.io
ssl2.ipaper.io
*.ipaper.io
media-q.kaufland.com
media.kaufland.com
se1-ucexe-p011.uc.schwarz
ssl.ipaper.io
ssl3.ipaper.io
ssl2.ipaper.io
*.ipaper.io
test-hr-portal.kaufland.com
portal.eu.kaufland.com
www-ac.kaufland.com
giftcard-q.kaufland.com
portal.eu.kaufland.com
se1-ucexe-p014.uc.schwarz
ssl2.ipaper.io
www-q.kaufland.com
connect-app.kaufland.com
ssl.ipaper.io
media.kaufland.com
ssl.ipaper.io
ssl.ipaper.io
ssl2.ipaper.io
ssl.ipaper.io
*.leaflets.kaufland.com
media.kaufland.com
iqpim.kaufland.com
assets.kaufland.com
ssl.ipaper.io
ssl.ipaper.io
*.ipaper.io
filex-test.kaufland.com
ssl.ipaper.io
ssl.ipaper.io
jobs.kaufland.com
secmail.kaufland.com
account.kaufland.com
ssl2.ipaper.io
ssl.ipaper.io
*.ipaper.io
webassets.kaufland.com
account.kaufland.com
www-ec.kaufland.com
asset.kaufland.com
*.leaflets.kaufland.com
account-qs.kaufland.com
*.kaufland.com
www-fc.kaufland.com
kauf.land
*.ipaper.io
www-p.kaufland.com
kaufland.com
*.ipaper.io
ssl2.ipaper.io
dam.kaufland.com
se1-ucexe-p013.uc.schwarz
remote.cz.kaufland.com
www-q.kaufland.com
www-ac.kaufland.com
*.ipaper.io
mobsot.kaufland.com
*.ipaper.io
ssl.ipaper.io
eu.limo.remote.schwarz
jobs.kaufland.com
doa.kaufland.com
ssl.ipaper.io
ssl.ipaper.io
www-q.kaufland.com
remote.eu.kaufland.com
ssl.ipaper.io
www-qc.kaufland.com
www-pc.kaufland.com

Certificate

The complete raw certificate details for p22-ssl-client-fi-hcm.kaufland.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJGDCCBwCgAwIBAgIUQohGFojKxycKI39WsSvxIZiYgNswDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTI0MDIyOTEx
MDY0NFoXDTI1MDIyODExMDY0NFowgYExCzAJBgNVBAYTAkRFMQswCQYDVQQIDAJC
VzETMBEGA1UEBwwKTmVja2Fyc3VsbTEjMCEGA1UECgwaS2F1ZmxhbmQgU3RpZnR1
bmcgJiBDby4gS0cxKzApBgNVBAMTInAyMi1zc2wtY2xpZW50LWZpLWhjbS5rYXVm
bGFuZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKsRwqrmwV
cm5pJ0/ca8dGyheZTu6/fy8/xG0j4ScRU5eJXpLeu3UbwUGIyer1Z3DAZxnq8zXb
zMbP0zCgcIwbK+728k5xtugAgYFXLNVmPp49U6NWxZTta9N0UfEwmwPKlaDX0yfK
oA7/hBetvE82WZrPYgfhvOt5VJsqC3XkGXcmjxF/wZdQtbead8Ou/lFS3r3oxSoP
nbDBcYKhEs6xaJMrZ9DWE/ldA3gbJSxrMB1JN+MsOHrhutdyC34HptumZEZbrXT2
1EtNb4VOn0ZNPwnXiDwk39QkjgJ/LxytKsGui4qNTwEUcsP5LBRLDPqlKiqrG7sV
g9HFyLkstVyRAgMBAAGjggS2MIIEsjCBsgYIKwYBBQUHAQEEgaUwgaIwTAYIKwYB
BQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci0wZjJiZjlhNS1kZDM3
LTQ4YzktYTg1Yi0xMmFjZGNiOGJlNDUwUgYIKwYBBQUHMAGGRmh0dHA6Ly9vY3Nw
LnN3aXNzc2lnbi5jaC9zaWduL29jcy1hYWNjY2VkNS02NmU4LTQwNjktOWIxYi1m
ZDI5YWI3M2VmZWMwbwYDVR0gBGgwZjAIBgZngQwBAgIwCAYGBACPegEHMFAGCGCF
dAFZAgECMEQwQgYIKwYBBQUHAgEWNmh0dHBzOi8vcmVwb3NpdG9yeS5zd2lzc3Np
Z24uY29tL1N3aXNzU2lnbl9DUFNfVExTLnBkZjBRBgNVHR8ESjBIMEagRKBChkBo
dHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAtOTZiNjJmNWEtNmI3My00ZGE0LTg3
ZjctY2U0MDAyYzFjZDM0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAO
BgNVHQ8BAf8EBAMCBaAwVQYDVR0RBE4wTIImd3d3LnAyMi1zc2wtY2xpZW50LWZp
LWhjbS5rYXVmbGFuZC5jb22CInAyMi1zc2wtY2xpZW50LWZpLWhjbS5rYXVmbGFu
ZC5jb20wHQYDVR0OBBYEFCu4ovvbu0NBb+xktBHNkCTjdIsiMB8GA1UdIwQYMBaA
FHxvCm8TD9mMJG8mNPNca0NttyO2MIICbwYKKwYBBAHWeQIEAgSCAl8EggJbAlkA
dgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAY30i5PgAAAEAwBH
MEUCIE1YWwLtKWJSVh2btJfpB0L0ol41T+b3fuyaFJgVwph5AiEAl1/mbihZdgV9
RLtR9a1gaOae+FGEIByHkgACAWVpoGQAdgAo4oE4/YMhRemp1qp1N22Dd6iFErPA
f3JBSCHcvemMZgAAAY30i5YIAAAEAwBHMEUCIDU007ATwVton71s00xgeP5mYPJ6
gMy++eryWaQMgjAsAiEAjvH84TovZx70XmKWa9rf/bPYqUCrcgCQGCaeglwqPDsA
dwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAY30i5K1AAAEAwBI
MEYCIQCWa20Z2HjwLGfTiNEh1u1934Ey1EhkbgcHBUb+L9EteQIhAI9n0Bb7HQn5
ikYyFxn85JtAk2LIAz6QuCmP9wAE5vm8AHYAzPsPaoVxCWX+lZtTzumyfCLphVwN
l422qX5UwP5MDbAAAAGN9IuTEgAABAMARzBFAiEAqBmU7OaLYaNqx/r40smaldYW
12hqJnqVQ6PFwLcxZb0CIHeRe2GgJOZXKz11EAWfpiJJxiuxtK3MNzIPFzVaJ1xc
AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGN9IuS8QAABAMA
RzBFAiEA7aviYnpcpo3EnL9ZT8+6k76EOpYdqJUwliKE9anovoACIDk4bLe2wnAk
TqM1KjLoOrjMrnwDiiWHSTVnyGzg3yfEMA0GCSqGSIb3DQEBCwUAA4ICAQBDuZgS
81dq65X03eD2quuQfwwR6bc7q6EV7P2sgwNjolvtd5G0H5A3stx/g1BPXV84W6ot
BoE8LaNLH86u7mFyzvqC/jzNfY7TdPjD+PB/xfrk6it9i3oLhHniYOIWXxrg7o4R
bqSH+JhSs+D/+hx+S7HokaglI8EjGsIbPQjC5z7pjAVjzA9vnlj7TWEqiMgLrEts
9qFWgTAWPsQEkv4BkaN2nDkl+PsRILOOhD+bjL3V1yvelTfaLU0XNA3wYE6axPZp
7QJRCq187UJIssz/9DNNtsVOQkDVkiNPKTWvH6H9bhLdc1RfeizmQdcQA8Z1d5iM
/8cFqxEWiK3KB5RTp+hRA6wdSNoVCnnkzJJuvoTvDA73De+84ca6ZQULEGQCfH7a
SGZ1MkbMQQqyWHHq5tIG9k+C8VFu2PaemFmzJTe4dH5/uNSsBV5sKhvqiZvOG4b7
7n/9yzm+AeAbPYB0XMfQEOMUbeCuPMvNFUr1Jb+awpCKmlvw6tDixyJCx5M2lESD
OsxWcJmhabTwbrxSVypcqv7PVXv4gyO8kedfTnQTqlbTnjXkXYI7Q0A907ToyFip
MceYApen3R0R8h+/AXSfhwOBthFmiBHqpPaMhRUeJEulZ2Vc27S05blYz2SVRyVD
a9yl2zl9bhimcXWWKQpLxeMhgMRHkzOzkvJaSg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirEcKq5sFXJuaSdP3GvH
RsoXmU7uv38vP8RtI+EnEVOXiV6S3rt1G8FBiMnq9WdwwGcZ6vM128zGz9MwoHCM
Gyvu9vJOcbboAIGBVyzVZj6ePVOjVsWU7WvTdFHxMJsDypWg19MnyqAO/4QXrbxP
Nlmaz2IH4bzreVSbKgt15Bl3Jo8Rf8GXULW3mnfDrv5RUt696MUqD52wwXGCoRLO
sWiTK2fQ1hP5XQN4GyUsazAdSTfjLDh64brXcgt+B6bbpmRGW6109tRLTW+FTp9G
TT8J14g8JN/UJI4Cfy8crSrBrouKjU8BFHLD+SwUSwz6pSoqqxu7FYPRxci5LLVc
kQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 379832397749428759509267635963187726250591944923
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-29 11:06:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-28 11:06:44 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'BW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Neckarsulm'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Kaufland Stiftung & Co. KG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'p22-ssl-client-fi-hcm.kaufland.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17508222294332701642461324602104185527725294538203452747254873521787102415812608060985323349366588948039123256005063077486616226550169033348718350418094046978165801261528980061564405977067220555091446720211253942539656544267794738421320536337052116243848161599358647185952495281755691930118790963615060458348885176998629598632946735133530209606423854686820777626531730772484758323951985091005789543768764233314130499918133385324815901239508514959269132487131418216479040737784680487414831714591928430539790803855238331265355576936302007796800593092183055066069750097637222134128127235772586904213635037585036081978513
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (78 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.p22-ssl-client-fi-hcm.kaufland.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'p22-ssl-client-fi-hcm.kaufland.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2bb8a2fbdbbb43416fec64b411cd9024e3748b22
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (607 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (603 bytes)
							02590076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018df48b93e0000004030047304502204d585b02ed296252561d9bb497e90742f4a25e354fe6f77eec9a149815c29879022100975fe66e285976057d44bb51f5ad6068e69ef85184201c87920002016569a06400760028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018df48b9608000004030047304502203534d3b013c15b689fbd6cd34c6078fe6660f27a80ccbef9eaf259a40c82302c0221008ef1fce13a2f671ef45e62966bdadffdb3d8a940ab72009018269e825c2a3c3b007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018df48b92b50000040300483046022100966b6d19d878f02c67d388d121d6ed7ddf8132d448646e07070546fe2fd12d790221008f67d016fb1d09f98a46321719fce49b409362c8033e90b8298ff70004e6f9bc007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018df48b93120000040300473045022100a81994ece68b61a36ac7faf8d2c99a95d616d7686a267a9543a3c5c0b73165bd022077917b61a024e6572b3d7510059fa62249c62bb1b4adcc37320f17355a275c5c0076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018df48b92f10000040300473045022100edabe2627a5ca68dc49cbf594fcfba93be843a961da89530962284f5a9e8be80022039386cb7b6c270244ea3352a32e83ab8ccae7c038a2587493567c86ce0df27c4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0043b99812f3576aeb95f4dde0f6aaeb907f0c11e9b73baba115ecfdac830363a25bed7791b41f9037b2dc7f83504f5d5f385baa2d06813c2da34b1fceaeee6172cefa82fe3ccd7d8ed374f8c3f8f07fc5fae4ea2b7d8b7a0b8479e260e2165f1ae0ee8e116ea487f89852b3e0fffa1c7e4bb1e891a82523c1231ac21b3d08c2e73ee98c0563cc0f6f9e58fb4d612a88c80bac4b6cf6a1568130163ec40492fe0191a3769c3925f8fb1120b38e843f9b8cbdd5d72bde9537da2d4d17340df0604e9ac4f669ed02510aad7ced4248b2ccfff4334db6c54e4240d592234f2935af1fa1fd6e12dd73545f7a2ce641d71003c67577988cffc705ab111688adca079453a7e85103ac1d48da150a79e4cc926ebe84ef0c0ef70defbce1c6ba65050b1064027c7eda4866753246cc410ab25871eae6d206f64f82f1516ed8f69e9859b32537b8747e7fb8d4ac055e6c2a1bea899bce1b86fbee7ffdcb39be01e01b3d80745cc7d010e3146de0ae3ccbcd154af525bf9ac2908a9a5bf0ead0e2c72242c793369444833acc567099a169b4f06ebc52572a5caafecf557bf88323bc91e75f4e7413aa56d39e35e45d823b43403dd3b4e8c858a931c7980297a7dd1d11f21fbf01749f870381b611668811eaa4f68c85151e244ba567655cdbb4b4e5b958cf64954725436bdca5db397d6e18a6717596290a4bc5e32180c4479333b392f25a4a