depthoffield.universiteitleiden.nl

- Leiden University -

Issued by TERENA SSL CA 3

About this certificate

This digital certificate with serial number 0a:d8:52:cd:de:53:da:55:a6:bb:be:4c:61:5a:dd:4c was issued on by TERENA.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Leiden University

Organization: Leiden University
Locality: Leiden
Country: NL

TERENA

Organization: TERENA
State / Province: Noord-Holland
Locality: Amsterdam
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:d8:52:cd:de:53:da:55:a6:bb:be:4c:61:5a:dd:4c
Serial Number (int): 14415495547460540437212165153601805644
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 69:cd:6d:4e:e3:45:82:4e:f2:ab:e7:1d:3f:da:14:b7:13:fd:f8:16
AuthorityKeyId: 67:fd:88:20:14:27:98:c7:09:d2:25:19:bb:e9:51:11:63:75:50:62

Fingerprint (sha1): e5:a0:8f:b3:04:db:03:b3:2d:f9:71:81:90:6e:f7:b4:d0:b2:38:46
Fingerprint (sha256): 0a:b1:8d:9c:c6:54:85:91:81:b2:0f:26:69:7f:62:84:96:bd:5e:ff:cd:d1:bb:38:52:85:58:85:c5:fa:3a:b7

Issuing Certificate URL: http://cacerts.digicert.com/TERENASSLCA3.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/TERENASSLCA3.crl
CRL Distribution Point: http://crl4.digicert.com/TERENASSLCA3.crl

Check the revocation status for certificate depthoffield.universiteitleiden.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for depthoffield.universiteitleiden.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

depthoffield.universiteitleiden.nl

Other certificates including the domain name universiteitleiden.nl

(limited to 100 certificates)
bachelors.universiteitleiden.nl
scharrelaar-p1.leidenuniv.nl
springoffer.universiteitleiden.nl
weblectures-a.leidenuniv.nl
phdcareerplatform.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
form.services.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
studiegids-p.leidenuniv.nl
ooievaar.web.leidenuniv.nl
scharrelaar-p3.leidenuniv.nl
helpdesk.universiteitleiden.nl
depthoffield.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
cms-a.universiteitleiden.nl
planon-a.universiteitleiden.nl
web.universiteitleiden.nl
grasparkiet.leidenuniv.nl
aqa.universiteitleiden.nl
trail.universiteitleiden.nl
cms.universiteitleiden.nl
depthoffield.universiteitleiden.nl
www.universiteitleiden.nl
masters.universiteitleiden.nl
sapbo-acc.universiteitleiden.nl
planon-t.universiteitleiden.nl
ooievaar.web.leidenuniv.nl
ask-a-librarian.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
presto-a.universiteitleiden.nl
grasparkiet.leidenuniv.nl
webpresentations-a.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
mfa.services.universiteitleiden.nl
mysites.universiteitleiden.nl
bachelors.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
mfa-a.services.universiteitleiden.nl
www.jotform3.leidenuniv.nl
finder.library.universiteitleiden.nl
scriptiebeoordeling-law.universiteitleiden.nl
planon.universiteitleiden.nl
redirectservice.universiteitleiden.nl
wiki.cfer.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
wbs.universiteitleiden.nl
tdm.universiteitleiden.nl
video.universiteitleiden.nl
planon.universiteitleiden.nl
aqa.universiteitleiden.nl
lu-card-activeren-a.universiteitleiden.nl
studiegids.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
video.universiteitleiden.nl
helpdesk-o.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
planon-a.universiteitleiden.nl
lenteactie.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
aqa.universiteitleiden.nl
benb.universiteitleiden.nl
aqa.universiteitleiden.nl
aqa.universiteitleiden.nl
topaza-t.leidenuniv.nl
www-r.universiteitleiden.nl
omeroweb.services.universiteitleiden.nl
kokmeeuw.leidenuniv.nl
aqa.universiteitleiden.nl
indonesie.universiteitleiden.nl
gitlab.services.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
studyspots.universiteitleiden.nl
mfa-a.services.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
grasparkiet.leidenuniv.nl
rooster.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
jatos.services.universiteitleiden.nl
webpresentations.universiteitleiden.nl
bookandbyte.universiteitleiden.nl
hop-qa.leidenuniv.nl
brightspacesupport.universiteitleiden.nl
sshgw01.alice.universiteitleiden.nl
numerusfixus.universiteitleiden.nl
weblectures.leidenuniv.nl
aqa.universiteitleiden.nl
account-a.services.universiteitleiden.nl
p-issc-009996.infra.leidenuniv.nl
jatos-t.services.universiteitleiden.nl
finder.library.universiteitleiden.nl
aqa.universiteitleiden.nl
lithium.liacs.nl
scharrelaar-p1.leidenuniv.nl
depthoffield.universiteitleiden.nl
indonesie.universiteitleiden.nl
aqa.universiteitleiden.nl

Certificate

The complete raw certificate details for depthoffield.universiteitleiden.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHszCCBpugAwIBAgIQCthSzd5T2lWmu75MYVrdTDANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0xOTEyMjMwMDAwMDBaFw0yMjAxMDUxMjAwMDBaMGcxCzAJBgNVBAYT
Ak5MMQ8wDQYDVQQHEwZMZWlkZW4xGjAYBgNVBAoTEUxlaWRlbiBVbml2ZXJzaXR5
MSswKQYDVQQDEyJkZXB0aG9mZmllbGQudW5pdmVyc2l0ZWl0bGVpZGVuLm5sMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0fyQeskdc9BufmxggsL2ZCaT
guTvMOVqxdvzgvLOVKZ9L7dCjWiE030h3VvuCMwsC8aja2Xuk279sG5J1nQPk60+
fkLVBZsy8Bto9yVgQmgaxIONSWJhiETiuowBAeyqXNdIuCqupg8NnVQffyIXwMUa
Gg69iHdtpyVDqz9LYH3OcuCSizPhoeMAS6s1ti6YfBdePS6xb3qCb2yHHI7QFB6+
1bQfWayt8Fno3YKHGiCHqXDYpigw9UaCaua/zutVhsa0WpkAoj2XlXLpUPmAViQR
ONauDEnBvtLzoSegX+mPysIPEmpoNbfBDoIEmmwQzo2dfb6uuehZurfIYLu2iKsa
0Rqja3CBz/Y+akRHTDuZTr7P0k1F07IBorCKJweNgrS3dOgHNL9rSOn5OBbhSca4
d3j5jxD+ClFVycdMjJHASt0VFdxz/1yVSDf/9KTVrcBcQOhb3ePCJZf6nZn2s6gX
opf6LHAIOFXPwq/5cYBDN62uJjEWiquER6fEs5DkbVeEPE4bD8cxVz++oq2Ycecm
4PJ/FGOSkIzCSrXYLnXQV9N5yw4v8kpHKjqeCs2wCEVHZQKmfbNEv3ptaiOoGbIo
HmTLaPbSWfYW7rFovnqPXTLKtRXvcXYlyGGl/r7BPELv7WXC/wQMZgVBo0Hd0o+w
JtEXy3uaV4YqsgcOJRsCAwEAAaOCA1wwggNYMB8GA1UdIwQYMBaAFGf9iCAUJ5jH
CdIlGbvpURFjdVBiMB0GA1UdDgQWBBRpzW1O40WCTvKr5x0/2hS3E/34FjAtBgNV
HREEJjAkgiJkZXB0aG9mZmllbGQudW5pdmVyc2l0ZWl0bGVpZGVuLm5sMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0f
BGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENB
My5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xD
QTMuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0
dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG4GCCsGAQUFBwEB
BGIwYDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDgGCCsG
AQUFBzAChixodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0Ez
LmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgCk
uQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW8yfQgQAAAEAwBHMEUC
IQCeJDQJ3KRKOD0fiKABZu2MFz9TyRviDVKGhB8pLDtdLwIgE19zXkn/FKsH2N1b
wsOkgW4D4Wm8DzomyzKaNljboKoAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDv
lJhV1onQ3QAAAW8yfQidAAAEAwBHMEUCIF8nc7UVj3P4qSTrWkDKJoqWA/IwKPSR
boBlOnNovb5NAiEA4Pd92ey+W+uqvBbtDxAnrTz1+iSbxDq+DRVKtfMHdcAAdQC7
2d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAW8yfQgTAAAEAwBGMEQC
ID1gfdzlTTxhnJ1spRKxaLl2PLm/S0jVaKxOGvzUiuQ4AiBUKL7TD9G3DFxWWsDN
qKxEFfThqUV9DiR3WGp3ptv9tDANBgkqhkiG9w0BAQsFAAOCAQEAwBFuTC4PB30v
XmOrxxjYc2RsKqtH+zeSSIXqV4wYeBlo3ofuY3Dm714nWg9qf8uzQqytDBQV0RGP
OTudrGARVI6axQ1C+Aif4u9xaO4QBCfwjYZ9vb+r0tb64qkfHGt/Lq9YrSPgoR20
SCNXLNSiqLbOLDn4kHZ4jIBh8+5Z81q+xJcoPxHHAOwBU+xCAlnzRSRuIKtS54KP
ZXr+gHo9uskVVlSRKoHBtbZOFBa7yCi/v+QY7HEM8CMztkDqsC2rlOjEEIozTpPy
zaC21ueH9QJAfVC/2gkhYQa3QKBhlYMIUYCob3bj9EkPmrofxEkUVa0SH6n1t2Jt
4wezxmr8uA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0fyQeskdc9BufmxggsL2
ZCaTguTvMOVqxdvzgvLOVKZ9L7dCjWiE030h3VvuCMwsC8aja2Xuk279sG5J1nQP
k60+fkLVBZsy8Bto9yVgQmgaxIONSWJhiETiuowBAeyqXNdIuCqupg8NnVQffyIX
wMUaGg69iHdtpyVDqz9LYH3OcuCSizPhoeMAS6s1ti6YfBdePS6xb3qCb2yHHI7Q
FB6+1bQfWayt8Fno3YKHGiCHqXDYpigw9UaCaua/zutVhsa0WpkAoj2XlXLpUPmA
ViQRONauDEnBvtLzoSegX+mPysIPEmpoNbfBDoIEmmwQzo2dfb6uuehZurfIYLu2
iKsa0Rqja3CBz/Y+akRHTDuZTr7P0k1F07IBorCKJweNgrS3dOgHNL9rSOn5OBbh
Sca4d3j5jxD+ClFVycdMjJHASt0VFdxz/1yVSDf/9KTVrcBcQOhb3ePCJZf6nZn2
s6gXopf6LHAIOFXPwq/5cYBDN62uJjEWiquER6fEs5DkbVeEPE4bD8cxVz++oq2Y
cecm4PJ/FGOSkIzCSrXYLnXQV9N5yw4v8kpHKjqeCs2wCEVHZQKmfbNEv3ptaiOo
GbIoHmTLaPbSWfYW7rFovnqPXTLKtRXvcXYlyGGl/r7BPELv7WXC/wQMZgVBo0Hd
0o+wJtEXy3uaV4YqsgcOJRsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14415495547460540437212165153601805644
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA SSL CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-01-05 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Leiden'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Leiden University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'depthoffield.universiteitleiden.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 856670503764588853656568136646117710389163702491094506557774854682850546869390752900956417290859422045315589756573340548412504178795196024468704742999907566579564589563735926120471136078465203218066804327829376381506920524584844831559801621746012737136264592597485062048510155718252248943773696955090320907672013249607443733491663830465133273663275212838404617516317715795745589511865879590413465662562795779677256226060713393026560593786142934925113480684791172633754300997730974531983294627501376117614261827824229809936548198744036898031859664195861640513103383050062247328520073620290337375722406683698761431381408048251261035327020219883292164207999505873953180455480189561981268279124430740084950436041105653360229547501078236301062448163963650914465101010324072132756262224728884136401610399125679050426442453022367399230642244334780488236256215081308318213895971930256881690522320176202051449655201631476158570340447970573364481469200897269934773264324615457540564477992487899031843197375073695034000855910948639124226514971293520137312582908827980100974644299033523170208907843374937403217087843808567804159157975006371027821651483903879634441005396459845184470165233157397026365492867463970756715322692297254470204775081243
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 67fd8820142798c709d22519bbe9511163755062
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							69cd6d4ee345824ef2abe71d3fda14b713fdf816
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'depthoffield.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (98 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/TERENASSLCA3.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016f327d081000000403004730450221009e243409dca44a383d1f88a00166ed8c173f53c91be20d5286841f292c3b5d2f0220135f735e49ff14ab07d8dd5bc2c3a4816e03e169bc0f3a26cb329a3658dba0aa0076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016f327d089d000004030047304502205f2773b5158f73f8a924eb5a40ca268a9603f23028f4916e80653a7368bdbe4d022100e0f77dd9ecbe5bebaabc16ed0f1027ad3cf5fa249bc43abe0d154ab5f30775c0007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016f327d0813000004030046304402203d607ddce54d3c619c9d6ca512b168b9763cb9bf4b48d568ac4e1afcd48ae43802205428bed30fd1b70c5c565ac0cda8ac4415f4e1a9457d0e2477586a77a6dbfdb4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c0116e4c2e0f077d2f5e63abc718d873646c2aab47fb37924885ea578c18781968de87ee6370e6ef5e275a0f6a7fcbb342acad0c1415d1118f393b9dac6011548e9ac50d42f8089fe2ef7168ee100427f08d867dbdbfabd2d6fae2a91f1c6b7f2eaf58ad23e0a11db44823572cd4a2a8b6ce2c39f89076788c8061f3ee59f35abec497283f11c700ec0153ec420259f345246e20ab52e7828f657afe807a3dbac9155654912a81c1b5b64e1416bbc828bfbfe418ec710cf02333b640eab02dab94e8c4108a334e93f2cda0b6d6e787f502407d50bfda09216106b740a0619583085180a86f76e3f4490f9aba1fc4491455ad121fa9f5b7626de307b3c66afcb8