idp.bsz-bw.de

- Bibliotheksservice-Zentrum Baden-Wuerttemberg -

Issued by BSZ-BW CA - G02

About this certificate

This digital certificate with serial number 18:00:1a:a8:05:5b:70 was issued on by Bibliotheksservice-Zentrum Baden-Wuerttemberg.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [ContentCommitment DigitalSignature KeyEncipherment] (00000111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Bibliotheksservice-Zentrum Baden-Wuerttemberg

Organization: Bibliotheksservice-Zentrum Baden-Wuerttemberg
Organization unit: Webserver
State / Province: Baden-Wuerttemberg
Locality: Konstanz
Country: DE

Bibliotheksservice-Zentrum Baden-Wuerttemberg

Organization: Bibliotheksservice-Zentrum Baden-Wuerttemberg
Country: DE

This certificate has expire since

Certificate Details

Serial Number (hex): 18:00:1a:a8:05:5b:70
Serial Number (int): 6755513929128816
Serial Number lenght: 53 bits, 7 octets

SubjectKeyId: f4:ac:36:8c:2c:61:3e:2a:14:39:99:64:d6:1f:8a:2d:e1:2e:22:1e
AuthorityKeyId: 29:ad:00:de:cb:66:e5:1f:de:aa:8d:6d:ec:9c:b4:42:fe:fb:9b:21

Fingerprint (sha1): 56:30:3c:5b:3e:7d:a4:86:d4:97:b0:27:dd:2b:23:d2:14:4f:57:40
Fingerprint (sha256): 0b:d2:f3:ce:4e:6e:4c:8d:96:02:78:8f:2e:b2:16:e9:b4:a5:4a:ad:dc:c0:2f:72:e4:78:be:b9:54:81:16:a7

Issuing Certificate URL: http://cdp1.pca.dfn.de/bsz-bw-ca/pub/cacert/g_cacert.crt
Issuing Certificate URL: http://cdp2.pca.dfn.de/bsz-bw-ca/pub/cacert/g_cacert.crt

Revocation information

OCSP Server: http://ocsp.pca.dfn.de/OCSP-Server/OCSP
CRL Distribution Point: http://cdp1.pca.dfn.de/bsz-bw-ca/pub/crl/g_cacrl.crl
CRL Distribution Point: http://cdp2.pca.dfn.de/bsz-bw-ca/pub/crl/g_cacrl.crl

Check the revocation status for certificate idp.bsz-bw.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for idp.bsz-bw.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Content Commitment
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

idp.bsz-bw.de

Other certificates including the domain name bsz-bw.de

(limited to 100 certificates)
fuji.bsz-bw.de
archiv.bsz-bw.de
ffb.bsz-bw.de
k3.bsz-bw.de
asterix.bsz-bw.de
toronto.bsz-bw.de
dl05test.bsz-bw.de
webpac7.bsz-bw.de
koha01.bsz-bw.de
opus4.bsz-bw.de
kopac.bsz-bw.de
caracas.bsz-bw.de
dbprod.bsz-bw.de
bvfg.bsz-bw.de
repos02.bsz-bw.de
webpac6.bsz-bw.de
mare01test.bsz-bw.de
opus4.bsz-bw.de
seminar-esslingen.bsz-bw.de
ffb.bsz-bw.de
london.bsz-bw.de
bosstest.bsz-bw.de
www.bsz-bw.de
mfo.bsz-bw.de
webpac1.bsz-bw.de
dl04.bsz-bw.de
matomo.bsz-bw.de
zfl.bsz-bw.de
gvi1.bsz-bw.de
idp.bsz-bw.de
iris.bsz-bw.de
zfl-test.bsz-bw.de
lachesis.bsz-bw.de
webpac9.bsz-bw.de
hsportal.bsz-bw.de
wikitest.bsz-bw.de
swbtestproxy.bsz-bw.de
gvi2.bsz-bw.de
hsg.bsz-bw.de
hs-lorsch.bsz-bw.de
sehn.bsz-bw.de
repos02.bsz-bw.de
ffb.bsz-bw.de
biberkopf.bsz-bw.de
bibsysteme.bsz-bw.de
wiki.bsz-bw.de
portal19.bsz-bw.de
repos.bsz-bw.de
eh-freiburgt.bsz-bw.de
bodensee.bsz-bw.de
opusdev.bsz-bw.de
swbplus.bsz-bw.de
windhoek.bsz-bw.de
gvi1.bsz-bw.de
karachi.bsz-bw.de
hfjs.bsz-bw.de
tbilisi.bsz-bw.de
koha02.bsz-bw.de
mailrelay.bsz-bw.de
repos.bsz-bw.de
skat.bsz-bw.de
zfl-test.bsz-bw.de
boss.bsz-bw.de
goethe.bsz-bw.de
silberhorn.bsz-bw.de
dlr-literatursuche.bsz-bw.de
paris.bsz-bw.de
karachi.bsz-bw.de
wiki.bsz-bw.de
dlre.bsz-bw.de
zfl-prod.bsz-bw.de
koha03.bsz-bw.de
dlr-literatursuche.bsz-bw.de
k10bouftest.bsz-bw.de
fltest.bsz-bw.de
mailrelay.bsz-bw.de
swbplus.bsz-bw.de
vpn.bsz-bw.de
vpn.bsz-bw.de
cairo.bsz-bw.de
zfl-dev.bsz-bw.de
bernina.bsz-bw.de
kix.bsz-bw.de
dhaka.bsz-bw.de
hsportal.bsz-bw.de
dl04test.bsz-bw.de
pizol.bsz-bw.de
kopac.bsz-bw.de
vzabbix.bsz-bw.de
bibsysteme.bsz-bw.de
swop.bsz-bw.de
hfjs.bsz-bw.de
mare01.bsz-bw.de
hshl.bsz-bw.de
bahia.bsz-bw.de
santiago.bsz-bw.de
repos.bsz-bw.de
asterope.bsz-bw.de
ebmtool.de
gvi.bsz-bw.de

Certificate

The complete raw certificate details for idp.bsz-bw.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGyjCCBbKgAwIBAgIHGAAaqAVbcDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJERTE2MDQGA1UEChMtQmlibGlvdGhla3NzZXJ2aWNlLVplbnRydW0gQmFkZW4t
V3VlcnR0ZW1iZXJnMRgwFgYDVQQDEw9CU1otQlcgQ0EgLSBHMDIxHDAaBgkqhkiG
9w0BCQEWDXBraUBic3otYncuZGUwHhcNMTQwODA1MDkwMDA4WhcNMTkwNzA5MjM1
OTAwWjCBoTELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy
ZzERMA8GA1UEBxMIS29uc3RhbnoxNjA0BgNVBAoTLUJpYmxpb3RoZWtzc2Vydmlj
ZS1aZW50cnVtIEJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UECxMJV2Vic2VydmVy
MRYwFAYDVQQDEw1pZHAuYnN6LWJ3LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA40EKD87MORYBm5wcgU+yBnDrhhagRIwZIVaf/FWqx+gR2XRZdMR3
81QIS1lEgftaypDdGFIAOptLSZChXBT0fzOCVeP3rOruo7Ge7xV0i/ak9LiukmXP
7mBd9PCh6UVJDBX8lZVmo17W8efVvW6t02jkQ7WfS3+LCFWtM1cCoxhqBS+/KHyX
+Hde0YZWn0MJp6QdXpMy6aNBQOebtSnkvN4BBHX47er5NkQGrAq31JOr3CPcEMr3
y3QfB9Rwqhh5mWNNTnmy2pt+LQQ3jgcFwFOVxyZkU/9Y0ku18K1phmxkjq2tqhCH
0FF3J39DuVSavXbcWNIJvhaNy3FdlyMWQOl7wWUZfBHZcARMnth96PIzFNLZ+Xr7
OypsJvdQ0yHScirbw2myz1BKabP7m2udlyPNMHzzW7nuXxfKmv0iUBhvdmMbn58J
H04/a8j+upmkO9YzvfLFIRugRecGfoVYLtHv4f7t51HiHqZ37eYgtKQ8ZE/g9s3G
BnmpMHHHPkJIQvRMFBsNqaaeG/Y0FZLLgPVIlNZtrDJThLOgAaHiHSzH2DnhV/2u
brorFUPWYKaZ/2Lr6LXVou6Md8orNjLMN3i37a/w/K9fSsmF10MKqovNFkjYkGKo
4b5b5N46q2XJIVWHgtpQMBBq4y09Ci+Ip9frRINacl3wGgGl/vlmsrsCAwEAAaOC
AigwggIkMDkGA1UdIAQyMDAwEQYPKwYBBAGBrSGCLAEBBAMBMBEGDysGAQQBga0h
giwCAQQDATAIBgZngQwBAgIwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0l
BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBT0rDaMLGE+KhQ5mWTW
H4ot4S4iHjAfBgNVHSMEGDAWgBQprQDey2blH96qjW3snLRC/vubITAYBgNVHREE
ETAPgg1pZHAuYnN6LWJ3LmRlMIGBBgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY2Rw
MS5wY2EuZGZuLmRlL2Jzei1idy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMDqgOKA2
hjRodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Jzei1idy1jYS9wdWIvY3JsL2dfY2Fj
cmwuY3JsMIHRBggrBgEFBQcBAQSBxDCBwTAzBggrBgEFBQcwAYYnaHR0cDovL29j
c3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMEQGCCsGAQUFBzAChjhodHRw
Oi8vY2RwMS5wY2EuZGZuLmRlL2Jzei1idy1jYS9wdWIvY2FjZXJ0L2dfY2FjZXJ0
LmNydDBEBggrBgEFBQcwAoY4aHR0cDovL2NkcDIucGNhLmRmbi5kZS9ic3otYnct
Y2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAFla
FkPfe3hOBnsSDbtmz+OmRGhEXd11I42oAGf/H5Hk5wuLX8xGFdFhxU4p2sMJm7IT
8kMUx2QVX+S/Suf597COomXBJ3UGv3ORaB8s9a45KnQJ3rY+8CH1gxPMRjzDc2e0
LujerJOMeBpNb19bIO8PcJgOot21CgdEZLpigWr2+lZkVDUNVnKDqkW24MC5QBV7
O/EgLANDyqhTS0VUr76KxiPZYOPOhVJPvughrbxZMtOSl+aYNOUrXEFxbfB/Zr9m
FJfk2TC3SL5x295M818e8rJwkn22fjo9oLRUaWcg7oM6eXB9DcDDcIy31hObpnLa
cyobduSNkOZaUoroSIY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA40EKD87MORYBm5wcgU+y
BnDrhhagRIwZIVaf/FWqx+gR2XRZdMR381QIS1lEgftaypDdGFIAOptLSZChXBT0
fzOCVeP3rOruo7Ge7xV0i/ak9LiukmXP7mBd9PCh6UVJDBX8lZVmo17W8efVvW6t
02jkQ7WfS3+LCFWtM1cCoxhqBS+/KHyX+Hde0YZWn0MJp6QdXpMy6aNBQOebtSnk
vN4BBHX47er5NkQGrAq31JOr3CPcEMr3y3QfB9Rwqhh5mWNNTnmy2pt+LQQ3jgcF
wFOVxyZkU/9Y0ku18K1phmxkjq2tqhCH0FF3J39DuVSavXbcWNIJvhaNy3FdlyMW
QOl7wWUZfBHZcARMnth96PIzFNLZ+Xr7OypsJvdQ0yHScirbw2myz1BKabP7m2ud
lyPNMHzzW7nuXxfKmv0iUBhvdmMbn58JH04/a8j+upmkO9YzvfLFIRugRecGfoVY
LtHv4f7t51HiHqZ37eYgtKQ8ZE/g9s3GBnmpMHHHPkJIQvRMFBsNqaaeG/Y0FZLL
gPVIlNZtrDJThLOgAaHiHSzH2DnhV/2ubrorFUPWYKaZ/2Lr6LXVou6Md8orNjLM
N3i37a/w/K9fSsmF10MKqovNFkjYkGKo4b5b5N46q2XJIVWHgtpQMBBq4y09Ci+I
p9frRINacl3wGgGl/vlmsrsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6755513929128816
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bibliotheksservice-Zentrum Baden-Wuerttemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BSZ-BW CA - G02'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.9.1 (emailAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String '[email protected]'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-08-05 09:00:08 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-09 23:59:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Baden-Wuerttemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Konstanz'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bibliotheksservice-Zentrum Baden-Wuerttemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Webserver'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'idp.bsz-bw.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 927115676915413611666808007726816377669775908859311897676297496331329490395556470354095614461815722520818000714205672911130127537389983704472854331525716268264099822654950857284842196983419061214710426542902382634641270068726799134062119712391763239262893867396871357589216883058190168231857450854374659207127555436676542424040196169332848287550682729353338337202452706227196229125908123440444531495006796756733164486217063000807703326802615083160716497472415914706857292778736559201272043983395754034594892934176559474389670419841550743566876954742694910851939649703300767933364974057889694719117007585416438712957882832666260710834450854588512712426949678484026622346229925306128486527434392685431146784081913036991340593494967847641080756062681831705467328582161717288549214167518658724197913201773642778061873730791600700087471953551008775026302507433133535199127201671381239425403855194371873193010928506122915799160293812193808474894823779310612078919463610987441216601489935956261020167462741119258689523438432117424195526743689279205672256585415804264621209149322127320417524224911862626904068247037869664911142974487212195182596015060147728427884238575868500536216111403422212450524580117199716459518187451659343780127355579
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.1.1.4.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.2.1.4.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05e0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f4ac368c2c613e2a14399964d61f8a2de12e221e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 29ad00decb66e51fdeaa8d6dec9cb442fefb9b21
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idp.bsz-bw.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp1.pca.dfn.de/bsz-bw-ca/pub/crl/g_cacrl.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp2.pca.dfn.de/bsz-bw-ca/pub/crl/g_cacrl.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (196 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pca.dfn.de/OCSP-Server/OCSP'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp1.pca.dfn.de/bsz-bw-ca/pub/cacert/g_cacert.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp2.pca.dfn.de/bsz-bw-ca/pub/cacert/g_cacert.crt'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00595a1643df7b784e067b120dbb66cfe3a64468445ddd75238da80067ff1f91e4e70b8b5fcc4615d161c54e29dac3099bb213f24314c764155fe4bf4ae7f9f7b08ea265c1277506bf7391681f2cf5ae392a7409deb63ef021f58313cc463cc37367b42ee8deac938c781a4d6f5f5b20ef0f70980ea2ddb50a074464ba62816af6fa566454350d567283aa45b6e0c0b940157b3bf1202c0343caa8534b4554afbe8ac623d960e3ce85524fbee821adbc5932d39297e69834e52b5c41716df07f66bf661497e4d930b748be71dbde4cf35f1ef2b270927db67e3a3da0b454696720ee833a79707d0dc0c3708cb7d6139ba672da732a1b76e48d90e65a528ae84886