oauth.postfinance.ch

- PostFinance AG -

Issued by SwissSign RSA TLS OV ICA 2022 - 1

About this certificate

This digital certificate with serial number 2b:de:d9:f3:a7:da:62:5a:87:0f:d1:32:d2:61:d5:18:f4:7d:3d:04 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

PostFinance AG

Organization: PostFinance AG
State / Province: BE
Locality: Bern
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 2b:de:d9:f3:a7:da:62:5a:87:0f:d1:32:d2:61:d5:18:f4:7d:3d:04
Serial Number (int): 250456354857276242500731980658777672016344202500
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: 29:2a:f4:c8:e2:44:84:f9:4d:e6:aa:7a:f8:27:2b:a2:5d:22:9f:a2
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6

Fingerprint (sha1): c1:4a:a3:67:3c:a1:e4:cf:eb:21:ae:7b:f3:3b:87:13:b0:b5:9c:80
Fingerprint (sha256): 06:e1:ea:5b:b0:a1:1d:b4:ef:06:4b:3c:0e:4d:67:45:41:c2:b7:07:e4:8b:6f:c8:28:98:75:de:a0:16:e8:c9

Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34

Check the revocation status for certificate oauth.postfinance.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for oauth.postfinance.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

oauth.postfinance.ch

Other certificates including the domain name postfinance.ch

(limited to 100 certificates)
www.postfinance.ch
e-archiv.postfinance.ch
aliasreg.postfinance.ch
e-finance.postfinance.ch
jobs.postfinance.ch
pfportalmo.postfinance.ch
csgw-test.postfinance.ch
proof.doc-shop.postfinance.ch
commercioestero.postfinance.ch
egw-test.postfinance.ch
e-payment.postfinance.ch
pfsb-admin-test.postfinance.ch
sventest.postfinance.ch
claims.versicherungen.postfinance.ch
youth.postfinance.ch
pfportalext-test.postfinance.ch
sgtm.postfinance.ch
sipskypebe.post.ch
partnerteststatus.postfinance.ch
pfsb-admin-test.postfinance.ch
smartbusiness.postfinance.ch
onlinehypothek-test.postfinance.ch
www-poc-test.postfinance.ch
plano.postfinance.ch
mapps-test.postfinance.ch
www.wcm-test.postfinance.ch
www.doc-shop.postfinance.ch
testplattform.postfinance.ch
oauth.postfinance.ch
privatkredit-peprod.postfinance.ch
www.postfinance.ch
ok-api-test.postfinance.ch
dev.plusfinance.postfinance.ch
outlook.post.ch
benefit.postfinance.ch
egw.postfinance.ch
versicherungen.postfinance.ch
ebics-test.postfinance.ch
sventest.postfinance.ch
pfsb-test.postfinance.ch
universal-t2.postfinance.ch
egw-test.postfinance.ch
3dsec.postfinance.ch
dev.tilbago.postfinance.ch
partnerteststatus.postfinance.ch
pfportalmo.postfinance.ch
sipskypebe.post.ch
ep2test2.postfinance.ch
dev.young.postfinance.ch
tilbago.postfinance.ch
statusitservices.postfinance.ch
events-test.postfinance.ch
digitalpfc.int.postfinance.ch
pfportalmo-test.postfinance.ch
sventest.postfinance.ch
survalyzer.postfinance.ch
pizzaportfolio.postfinance.ch
m.commercioestero.postfinance.ch
rivista.postfinance.ch
ai.ep2.postfinance.ch
ef-t2.postfinance.ch
jira-dev.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
sandbox1.postfinance.ch
sandbox1.postfinance.ch
collector-test.postfinance.ch
mapps-test.postfinance.ch
sventest.postfinance.ch
egw.postfinance.ch
hosting.postfinance.ch
nladh-t2.postfinance.ch
aussenhandel.postfinance.ch
plano.postfinance.ch
epayment.postfinance.ch
yellowpay.postfinance.ch
universal.postfinance.ch
nlsec.postfinance.ch
challengethefuture.postfinance.ch
skypeweb.post.ch
pfsb.postfinance.ch
plano.postfinance.ch
pfportalmo.postfinance.ch
events-test.postfinance.ch
csgw-t2.postfinance.ch
ep2test.postfinance.ch
epayment-test.postfinance.ch
dev.magazine.postfinance.ch
mapps.postfinance.ch
ef-t2.postfinance.ch
universal.postfinance.ch
meet.post.ch
young.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
pfportalmo-test.postfinance.ch
e-trading.postfinance.ch
www-test.postfinance.ch
www-poc-test.postfinance.ch
pfportalext-test.postfinance.ch

Certificate

The complete raw certificate details for oauth.postfinance.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGYzCCBEugAwIBAgIUK97Z86faYlqHD9Ey0mHVGPR9PQQwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTI0MDMxMjA2
NDUyMloXDTI1MDMxMjA2NDUyMlowYTELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAkJF
MQ0wCwYDVQQHDARCZXJuMRcwFQYDVQQKDA5Qb3N0RmluYW5jZSBBRzEdMBsGA1UE
AxMUb2F1dGgucG9zdGZpbmFuY2UuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDXAgILaPw+tqiOKj7+kCikaYiGtqDbKYXxJeRVKuKdeS5GjYa3m5MJ
WB7CNitICHajTyeyNkh244eGU2SW8saOuG00izStPM0pwpKBPjdnVoyVjH8dtCgH
5QBvubAxEpBRB4QG+u2F52pAtznI9vJBPGacqnof71OoFusQTHd5UmE/7cpeXsph
zilMYdxhAOB+PhrKEdAXdF7sY0LPEwC6LuqkmX1bKSWzHPcLqtKhBzndjNyZVs4A
cDsnWSqkG6uMwbVTAJ9FBnrZh2LltDFmyWBnZPu+H9XMHLd10bIrtzusRpwl4wTI
lPl0nEZPvg10yqjitUsitnkJCrlNrlztAgMBAAGjggIiMIICHjCBsgYIKwYBBQUH
AQEEgaUwgaIwTAYIKwYBBQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fp
ci0wZjJiZjlhNS1kZDM3LTQ4YzktYTg1Yi0xMmFjZGNiOGJlNDUwUgYIKwYBBQUH
MAGGRmh0dHA6Ly9vY3NwLnN3aXNzc2lnbi5jaC9zaWduL29jcy1hYWNjY2VkNS02
NmU4LTQwNjktOWIxYi1mZDI5YWI3M2VmZWMwbwYDVR0gBGgwZjAIBgZngQwBAgIw
CAYGBACPegEHMFAGCGCFdAFZAgECMEQwQgYIKwYBBQUHAgEWNmh0dHBzOi8vcmVw
b3NpdG9yeS5zd2lzc3NpZ24uY29tL1N3aXNzU2lnbl9DUFNfVExTLnBkZjBRBgNV
HR8ESjBIMEagRKBChkBodHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAtOTZiNjJm
NWEtNmI3My00ZGE0LTg3ZjctY2U0MDAyYzFjZDM0MB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUb2F1dGgu
cG9zdGZpbmFuY2UuY2gwHQYDVR0OBBYEFCkq9MjiRIT5TeaqevgnK6JdIp+iMB8G
A1UdIwQYMBaAFHxvCm8TD9mMJG8mNPNca0NttyO2MBMGCisGAQQB1nkCBAMBAf8E
AgUAMA0GCSqGSIb3DQEBCwUAA4ICAQB2wrGw0spGHEBjIASIGjiIySyxdT/KIFP0
rjfqHEJfBF+SPcH1HCYVy2aNy3jLZfYcc1UcOSlHeyYI95lVvtkY10NrlaTrC779
famH9IC+9rXgfRKKGxiPTOXBMvc5gFIlxKoXwl9WiDULHGZt0sNhcOeQ1Y0PRQ7h
JXjtCgMbAMkKLLjiDtcC/Ml9sIgNtM7UdmHD4LoTKznH32hUF6bed9cNwwkO764M
OSSP3lnR5AH0hLD1EdySqVuTMKuD9fYVJ9lYZQEVCDrF5OazWjg91hyRRQ3nKiID
G/OuGAzbevRSHkSnq/EiJOmUmQfcyZpnNey+0jMdIVYUACj5CwPsqufBZW+Zu5GK
91N9qHppmQSDj2Kdv65GkE92sYiZjWuDVc+Fivg8CiPUgdo34WmGoaZlIYGBCIuE
ArV8iNLdwQvqwVHtZXwBBgzz2Y/pZMIWVxjGwGSPo0PlJyyCJSMcJU6vxoinDkkQ
K6Xa9rK/3+3CIEUnWizTWLaxYnsgPpr+6z+O61SpF2oLRRSS/nFwzLu/vtPnh7Cb
ieaBEXrKFTR0FF/LngGWCSnrsYLkwLIcHxhqL5I2k1bJYKKpRf2gRI1uFP9zoSG4
KsiOK7/1wZXHOJ5HqCJewGMlTkIXltmkZsWG7ih+VNrVhzoj7fZFNjMBF6DYaHFl
kwafj/SPiw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wICC2j8Praojio+/pAo
pGmIhrag2ymF8SXkVSrinXkuRo2Gt5uTCVgewjYrSAh2o08nsjZIduOHhlNklvLG
jrhtNIs0rTzNKcKSgT43Z1aMlYx/HbQoB+UAb7mwMRKQUQeEBvrthedqQLc5yPby
QTxmnKp6H+9TqBbrEEx3eVJhP+3KXl7KYc4pTGHcYQDgfj4ayhHQF3Re7GNCzxMA
ui7qpJl9Wyklsxz3C6rSoQc53YzcmVbOAHA7J1kqpBurjMG1UwCfRQZ62Ydi5bQx
ZslgZ2T7vh/VzBy3ddGyK7c7rEacJeMEyJT5dJxGT74NdMqo4rVLIrZ5CQq5Ta5c
7QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 250456354857276242500731980658777672016344202500
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-12 06:45:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-12 06:45:22 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bern'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'PostFinance AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'oauth.postfinance.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27142225742801512042918792504783933475457885140923717756334738145970059996417833094772578802437748818115590845777141727103966332104814346175656001941902998502157206532095514482766896605588240774357350066878530997378441613181135495065755253168468307828275533515278798784451927426618952105554079946569391707529449908140927670659474551925984988124907895936961076206909273144759729367725702453191605692575408805221465204245055755531266242818764157668450138136793070730687520524958302440256848063545163541845195180067921175229433140052634328347569046466144532891270066330692115870261305655966765727159370287321368247557357
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oauth.postfinance.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							292af4c8e24484f94de6aa7af8272ba25d229fa2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0076c2b1b0d2ca461c40632004881a3888c92cb1753fca2053f4ae37ea1c425f045f923dc1f51c2615cb668dcb78cb65f61c73551c3929477b2608f79955bed918d7436b95a4eb0bbefd7da987f480bef6b5e07d128a1b188f4ce5c132f739805225c4aa17c25f5688350b1c666dd2c36170e790d58d0f450ee12578ed0a031b00c90a2cb8e20ed702fcc97db0880db4ced47661c3e0ba132b39c7df685417a6de77d70dc3090eefae0c39248fde59d1e401f484b0f511dc92a95b9330ab83f5f61527d958650115083ac5e4e6b35a383dd61c91450de72a22031bf3ae180cdb7af4521e44a7abf12224e9949907dcc99a6735ecbed2331d2156140028f90b03ecaae7c1656f99bb918af7537da87a699904838f629dbfae46904f76b188998d6b8355cf858af83c0a23d481da37e16986a1a665218181088b8402b57c88d2ddc10beac151ed657c01060cf3d98fe964c2165718c6c0648fa343e5272c8225231c254eafc688a70e49102ba5daf6b2bfdfedc22045275a2cd358b6b1627b203e9afeeb3f8eeb54a9176a0b451492fe7170ccbbbfbed3e787b09b89e681117aca153474145fcb9e01960929ebb182e4c0b21c1f186a2f92369356c960a2a945fda0448d6e14ff73a121b82ac88e2bbff5c195c7389e47a8225ec063254e421796d9a466c586ee287e54dad5873a23edf64536330117a0d868716593069f8ff48f8b