oim-acc-be1.forux.nl

- Universiteit van Amsterdam -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number 6d:51:39:88:95:cb:d6:77:3a:19:e9:d9:00:e4:a3:42 was issued on by GEANT Vereniging.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Universiteit van Amsterdam

Organization: Universiteit van Amsterdam
State / Province: Noord-Holland
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 6d:51:39:88:95:cb:d6:77:3a:19:e9:d9:00:e4:a3:42
Serial Number (int): 145307594504834352460128715773344785218
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 7b:77:f5:68:4a:ba:10:97:00:7d:17:1e:60:73:d8:50:94:40:57:7d
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): 44:5f:61:6f:75:56:62:d2:b4:4e:55:7e:ce:9c:87:ef:84:43:df:2e
Fingerprint (sha256): 0d:db:0b:f0:3a:2f:a8:d5:a5:19:8e:4b:20:1b:2c:35:41:78:26:e1:38:e3:bd:60:a2:28:3d:d4:c9:00:47:48

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate oim-acc-be1.forux.nl

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for oim-acc-be1.forux.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

oim-acc-be1.forux.nl
idm-acc-beheer.ic.uva.nl
idm-acc-beheer.ict.hva.nl
oim-acc-be2.forux.nl

Other certificates including the domain name forux.nl

(limited to 100 certificates)
sap-dev-rudx.ic.uva.nl
psql-prd1.forux.nl
sap-acc-ruax.ic.uva.nl
content-dev.sap.uva.nl
canvas-acc-apps2.forux.nl
gitlab-dev.forux.nl
moodle-prd-db1.forux.nl
unixbeheer.forux.nl
sap-prd-bupx.forux.nl
hva.nl
admin.uva.icts-dev-app1.aws.forux.nl
maven.ic.uva.nl
netbox.forux.nl
diensten.uba.uva.nl
moodle-prd-db1.forux.nl
canvas-acc-apps2.forux.nl
sap-prd-ffpx.forux.nl
aanmelden.hva.nl
netdisco-acc1.forux.nl
hva.nl
uvacms-tst-ic1.forux.nl
expenseclaims.uva.nl
airm-acc.forux.nl
psql-prd1.forux.nl
admin.hva.icts-dev-app1.aws.forux.nl
gitlab-dev.forux.nl
oim-acc-be1.forux.nl
oim-acc-adm1.forux.nl
ipam-dev1.forux.nl
tsm.uva.nl
lamp-prd-dba1.forux.nl
uvacms-tst-fe1.forux.nl
uvacms-tst-ic1.forux.nl
tst-aanmelden.hva.nl
api.ocp-tst1.ocp2.forux.nl
api.expenseclaims.uva.nl
oim-acc-fe1.forux.nl
ocpidp-acc.lb.forux.nl
content.sap.uva.nl
ocpidp-prd.lb.forux.nl
content-acc.sap.uva.nl
web-prd-wordpress1.forux.nl
expenseclaims-acc.uva.nl
loadbalancer.icts-dev-app1.aws.forux.nl
hva.nl
tower.forux.nl
jira.ic.uva.nl
cas-acc4.forux.nl
api.ocp-prd1.ocp1.forux.nl
builder.ic.uva.nl
airm-acc.forux.nl
nra.sis.uva.nl
admin.uva.icts-dev-app1.aws.forux.nl
monitor.forux.nl
moodle-dev.fdmci.hva.nl
unixbeheer.forux.nl
tower-dev.forux.nl
m.sis.uva.nl
uvacms-tst-be1.forux.nl
uvacms-tst-fe1.forux.nl
sap-dev-budx.ic.uva.nl
oim-tst-devbe1.forux.nl
integration-test.cms.uva.nl
content.sap.uva.nl
psql-prd1.forux.nl
hva.nl
cmx-prd-anonymizer1.forux.nl
content.sap.uva.nl
vault.forux.nl
canvas-tst-apps1.forux.nl
uvacms-tst-ic1.forux.nl
sap-dev-ffdx.forux.nl
tsm-dev.ic.uva.nl
kassa.hva.icts-dev-app1.aws.forux.nl
kassa.uva.icts-dev-app1.aws.forux.nl
ldap-dev.ic.uva.nl
tlscertmon-dev.forux.nl
a10-devx.forux.nl
psql-dev1.forux.nl
monitor.forux.nl
nessus-prd1.forux.nl
uvacms-prd-ic1.forux.nl
hvacms-acc-fe1.forux.nl
moodle-prd-db1.forux.nl
uvacms-acc-fe1.forux.nl
test.uba.uva.nl
oim-prd-fe1.forux.nl
gitlab-dev.forux.nl
moodle-prd-db1.forux.nl
ipam.forux.nl
lamp-prd-dba1.forux.nl
hvacms-acc-ic1.forux.nl
smtp-acc3.forux.nl
sap-prd-rupx.ic.uva.nl
netdisco-acc1.forux.nl
hvacms-acc-ic1.forux.nl
loadbalancer.icts-dev-app1.aws.forux.nl
canvas-acc-apps1.forux.nl
labservant.ic.uva.nl
sap-tst-ruzx.forux.nl

Certificate

The complete raw certificate details for oim-acc-be1.forux.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHqzCCBZOgAwIBAgIQbVE5iJXL1nc6GenZAOSjQjANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjMwMTA0MDAwMDAwWhcNMjQwMTA0MjM1
OTU5WjBpMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDEjMCEG
A1UEChMaVW5pdmVyc2l0ZWl0IHZhbiBBbXN0ZXJkYW0xHTAbBgNVBAMTFG9pbS1h
Y2MtYmUxLmZvcnV4Lm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
3UJB7P0XioCyqzmgafJkIUbNTXqNjC+ulzUNiZOby+24vRso/7a6M5TyUeVHkHWZ
jG220x+iOJkomjHcLJ0lS2KP1p7Z8BKWDNk6RpINAgvTbibzdqVes3mBWRhKpbWS
nmOCM9TYme61QDa9unw7mCy19Y9ThshmmGHCwIuuAof6sUoZbtoFfu+G0xxOQZmj
wtUCOyrJeWnpjPvp//YqsfJmNoc0SUWeZuxqGougg8wTwRstV9DU8RXbpQO+AQuQ
w2Nt8hMM4+rka+uBf+jrwEQt61JovIbZM/AplstUfoNO6Sxs/QKr4ORqWsZA+3U7
nT9fzF0cvd79rOZsnO/mYwIDAQABo4IDcjCCA24wHwYDVR0jBBgwFoAUbx01SRBs
MvpZoJ68iugflb5xegwwHQYDVR0OBBYEFHt39WhKuhCXAH0XHmBz2FCUQFd9MA4G
A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgJPMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjA/BgNVHR8EODA2
MDSgMqAwhi5odHRwOi8vR0VBTlQuY3JsLnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FD
QTQuY3JsMHUGCCsGAQUFBwEBBGkwZzA6BggrBgEFBQcwAoYuaHR0cDovL0dFQU5U
LmNydC5zZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNydDApBggrBgEFBQcwAYYd
aHR0cDovL0dFQU5ULm9jc3Auc2VjdGlnby5jb20wggF+BgorBgEEAdZ5AgQCBIIB
bgSCAWoBaAB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhXpI
pl0AAAQDAEYwRAIgGPpsyrJ2phNE2tTLdnFEZYKTZ//x9ZSPWMu/oy78EZ0CICZ5
TC2pkbfJaJYy2n3OCPDsRojyY4hAK6qoS4rUbQp1AHYA2ra/az+1tiKfm8K7XGvo
cJFxbLtRhIU0vaQ9MEjX+6sAAAGFekimaQAABAMARzBFAiBTAG5seE2WBHeZVMCX
TdiGF5RkTpI0bYch+Hd5koLQbAIhAMTdl5xaBhJt8RPWX7ToikjdpP1BwxixU90y
Nw9gA/a5AHcA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGFekim
QAAABAMASDBGAiEAtlDRlpUM00WREyiJHe1t64k59SDnkvgW81rsczDz3W0CIQCU
u1ZJBwD06317m4hgK0b5fuGXixuwOy36xgLgPkIuFDBqBgNVHREEYzBhghRvaW0t
YWNjLWJlMS5mb3J1eC5ubIIYaWRtLWFjYy1iZWhlZXIuaWMudXZhLm5sghlpZG0t
YWNjLWJlaGVlci5pY3QuaHZhLm5sghRvaW0tYWNjLWJlMi5mb3J1eC5ubDANBgkq
hkiG9w0BAQwFAAOCAgEARLD2ryA9LoeQUxovPZpy0891B/n9IZ56+bws2scSJkIc
s/jgfMP/AErUFWdfORmfAgb6xJhjo8j8/HGyYO6wrK0Fh4tMpojtUonSdEFREv1v
sbATSzMwgtLvpx61FkR6hdjGTeqaiibmpdoGRbViOWJT936VuWE4TWYPu82JNi2h
P1CB7SiqzBwGB22P8d8vaINM/5xol+0y5E23LU2z9d5rNwzVYk7Ys0ZOxk5iv8hb
vT6kNnDnjhYiCEJouuzUkeS38wx8/Frqj+Ug4jkKSDfjw6x0S9wmBAWORkeEnYdk
YfsuadBaTwNlHLxjldX6fVKZaDL/cRjqZs4YFaBBQ1sMifvadJTW0pq8yX9eFbih
DIh/SPBuTtCF/I7JMj1i2O2kR7rPbIUcC2D3sTZeASXEe+k2i7crZWnpMPEXv1uk
hynnjVpdX75Wmlzvm7rPucIgPobp6RzU4uci3hu95FYfmaz0iSuJjihYwxewSqnd
YBCR1T+Tjv8e0aPZacSgxzNdMd38gArrXpKiOMZBUmLAw2IAAcJFcjFSiPIsBvfN
xL5bSRg7f3WgxR8wrGhYqLXX8Ci0fx5F8+F/hWSHLaCpTNO1dCfomRlAHFdp3yXs
Emw0BWDykKK1V17AxlMauGqdAnDNbLRlLK91NN2/+NmPb1NMZjBV8t5K3au5ArY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UJB7P0XioCyqzmgafJk
IUbNTXqNjC+ulzUNiZOby+24vRso/7a6M5TyUeVHkHWZjG220x+iOJkomjHcLJ0l
S2KP1p7Z8BKWDNk6RpINAgvTbibzdqVes3mBWRhKpbWSnmOCM9TYme61QDa9unw7
mCy19Y9ThshmmGHCwIuuAof6sUoZbtoFfu+G0xxOQZmjwtUCOyrJeWnpjPvp//Yq
sfJmNoc0SUWeZuxqGougg8wTwRstV9DU8RXbpQO+AQuQw2Nt8hMM4+rka+uBf+jr
wEQt61JovIbZM/AplstUfoNO6Sxs/QKr4ORqWsZA+3U7nT9fzF0cvd79rOZsnO/m
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 145307594504834352460128715773344785218
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universiteit van Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'oim-acc-be1.forux.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27931338199531174309418231474405216783924982070754715331066067326712465469820867355074189179647426962114554342563205912691839215615590978858796186034083223826899172721976333526913400152739088917018134911592351318943098526664191334251419437593183647889327809612357436645135954326637891081301890367073788499050484188666499745314074735353197460387594036154358739112665896496909667603066299093190882206725217879872339050155234824227482810931992027558560678857707203780232981132114358434359565880677913517186752949119699245101578220629707068535303717548121200032651229189157475035923654191303887577239910462804635964925539
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7b77f5684aba1097007d171e6073d8509440577d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a74000001857a48a65d0000040300463044022018fa6ccab276a61344dad4cb76714465829367fff1f5948f58cbbfa32efc119d022026794c2da991b7c9689632da7dce08f0ec4688f26388402baaa84b8ad46d0a75007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab000001857a48a6690000040300473045022053006e6c784d9604779954c0974dd8861794644e92346d8721f877799282d06c022100c4dd979c5a06126df113d65fb4e88a48dda4fd41c318b153dd32370f6003f6b9007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001857a48a6400000040300483046022100b650d196950cd345911328891ded6deb8939f520e792f816f35aec7330f3dd6d02210094bb56490700f4eb7d7b9b88602b46f97ee1978b1bb03b2dfac602e03e422e14
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oim-acc-be1.forux.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idm-acc-beheer.ic.uva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idm-acc-beheer.ict.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oim-acc-be2.forux.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0044b0f6af203d2e8790531a2f3d9a72d3cf7507f9fd219e7af9bc2cdac71226421cb3f8e07cc3ff004ad415675f39199f0206fac49863a3c8fcfc71b260eeb0acad05878b4ca688ed5289d274415112fd6fb1b0134b333082d2efa71eb516447a85d8c64dea9a8a26e6a5da0645b562396253f77e95b961384d660fbbcd89362da13f5081ed28aacc1c06076d8ff1df2f68834cff9c6897ed32e44db72d4db3f5de6b370cd5624ed8b3464ec64e62bfc85bbd3ea43670e78e1622084268baecd491e4b7f30c7cfc5aea8fe520e2390a4837e3c3ac744bdc2604058e4647849d876461fb2e69d05a4f03651cbc6395d5fa7d52996832ff7118ea66ce1815a041435b0c89fbda7494d6d29abcc97f5e15b8a10c887f48f06e4ed085fc8ec9323d62d8eda447bacf6c851c0b60f7b1365e0125c47be9368bb72b6569e930f117bf5ba48729e78d5a5d5fbe569a5cef9bbacfb9c2203e86e9e91cd4e2e722de1bbde4561f99acf4892b898e2858c317b04aa9dd601091d53f938eff1ed1a3d969c4a0c7335d31ddfc800aeb5e92a238c6415262c0c3620001c24572315288f22c06f7cdc4be5b49183b7f75a0c51f30ac6858a8b5d7f028b47f1e45f3e17f8564872da0a94cd3b57427e89919401c5769df25ec126c340560f290a2b5575ec0c6531ab86a9d0270cd6cb4652caf7534ddbff8d98f6f534c663055f2de4addabb902b6