heu-ssl-client-eric.lidl.net

- Lidl Stiftung & Co. KG -

Issued by SwissSign RSA TLS OV ICA 2021 - 1

About this certificate

This digital certificate with serial number 34:15:ef:fa:fb:25:be:18:2b:b9:9c:39:6d:f9:92:47:e2:9e:79:df was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Lidl Stiftung & Co. KG

Organization: Lidl Stiftung & Co. KG
State / Province: Baden-Württemberg
Locality: Neckarsulm
Country: DE

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 34:15:ef:fa:fb:25:be:18:2b:b9:9c:39:6d:f9:92:47:e2:9e:79:df
Serial Number (int): 297356740972770416778272652013196230000247732703
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: 56:4b:ad:f6:42:1c:cc:65:49:0c:98:37:6d:55:0f:5e:3b:5c:e9:5c
AuthorityKeyId: ac:d0:3a:c2:c2:57:55:91:69:11:cc:70:6a:59:38:8a:8c:ac:9c:3d

Fingerprint (sha1): 43:2e:34:2f:f7:8f:c3:eb:c9:14:2a:9d:d6:b5:24:ec:60:fd:35:ca
Fingerprint (sha256): 17:b5:a2:43:50:de:96:42:b6:da:25:11:0e:d7:9c:c7:a8:29:bb:22:cf:95:1f:8f:ce:f5:ad:7e:67:ae:1e:48

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/ACD03AC2C25755916911CC706A59388A8CAC9C3D

Revocation information

OCSP Server: http://ocsp.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D
CRL Distribution Point: http://crl.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D
CRL Distribution Point: ldap://directory.swisssign.net/CN=ACD03AC2C25755916911CC706A59388A8CAC9C3D%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate heu-ssl-client-eric.lidl.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for heu-ssl-client-eric.lidl.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

heu-ssl-client-eric.lidl.net
www.heu-ssl-client-eric.lidl.net

Other certificates including the domain name lidl.net

(limited to 100 certificates)
cms-esaint.lidl.net
exp1.ucie.lidl.net
lsap29.asp.lidl.net
se1-ucexe-p001.lidl.net
abz-ssl-client-si.lidl.net
exp2.ucie.lidl.net
se1-ucexe-p001.lidl.net
qie-ssl-client-ie.lidl.net
hk-ucexe-p002.lidl.com.hk
lhr.hr.lidl.net
fizz.lidl.net
qdk-ssl-client-dk.lidl.net
l-tas154.asp.lidl.net
se1-ucexe-p001.lidl.net
ps4-ssl-client-eric.lidl.net
fizz.lidl.net
*.retail.lidl.net
qeu-ssl-client-eric.lidl.net
l-as525.asp.lidl.net
wirelessportal.lidl.com
hk-ucexe-p002.lidl.com.hk
se1-ucexe-p001.lidl.net
hgb-ssl-client-gb.lidl.net
heu-ssl-client-eric.lidl.net
exp2.ucie.lidl.net
fizz.lidl.net
se1-ucexe-p002.lidl.net
fizz.lidl.net
l-tas408.asp.lidl.net
fizz.lidl.net
*.sdl-career.lidl.net
heu-ssl-client-eric.lidl.net
qgb-ssl-client-gb.lidl.net
abz-ssl-client-eric.lidl.net
pf3-ssl-client-eric.lidl.net
exp1.ucie.lidl.net
se1-ucexe-p001.lidl.net
qps-ssl-client.lidl.net
se1-ucexe-p001.lidl.net
hsi-ssl-client-si.lidl.net
*.vdc.lidl.net
se1-ucexe-p001.lidl.net
out-uc17.lidl.net
abz-ssl-client-gb.lidl.net
abz-ssl-client-cssz.lidl.net
hcz-ssl-client-cssz.lidl.net
exp1.ucie.lidl.net
ebz-ssl-client-eric.lidl.net
heu-ssl-client-eric.lidl.net
qsi-ssl-client-si.lidl.net
wirelessportal.lidl.com
out-uc17.lidl.net
*.vdc.lidl.net
jss.lidl.net
fmmobile-qs.lidl.net
wirelessportal.lidl.com
pf3-ssl-client-eric.lidl.net
qie-ssl-client-ie.lidl.net
qps-ssl-client.lidl.net
out-uc18.lidl.net
ebz-ssl-client-eric.lidl.net
qeu-ssl-client-eric.lidl.net
heu-ssl-client-eric.lidl.net
ebz-ssl-client-eric.lidl.net
se1-ucexe-p001.lidl.net
wirelessportal.lidl.com
hps-ssl-client.lidl.net
abz-ssl-client-dk.lidl.net
qsi-ssl-client-si.lidl.net
hdk-ssl-client-dk.lidl.net
se1-ucexe-p001.lidl.net
out-uc18.lidl.net
qs4-ssl-client-eric.lidl.net
out-uc18.lidl.net
out-uc18.lidl.net
se1-ucexe-p001.lidl.net
fizz.lidl.net
abz-ssl-client-dk.lidl.net
ebz-ssl-client-dk.lidl.net
hdk-ssl-client-dk.lidl.net
qf3-ssl-client-eric.lidl.net
se1-ucexe-p002.lidl.net
hgb-ssl-client-gb.lidl.net
abz-ssl-client-eric.lidl.net
abz-ssl-client-si.lidl.net
se1-ucexe-p001.lidl.net
es4-ssl-client-eric.lidl.net
qgb-ssl-client-gb.lidl.net
exp2.ucie.lidl.net
*.vdc.lidl.net
jss.lidl.net
abz-ssl-client-eric.lidl.net
ssl-client-eee.lidl.net
se1-ucexe-p002.lidl.net
ebz-ssl-client-si.lidl.net
*.esaint.lidl.net
ssl-client-eee.lidl.net
qde-ssl-client-eric.lidl.net
hk-ucexe-p002.lidl.com.hk
heu-ssl-client-eric.lidl.net

Certificate

The complete raw certificate details for heu-ssl-client-eric.lidl.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJ0zCCB7ugAwIBAgIUNBXv+vslvhgruZw5bfmSR+Keed8wDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjEgLSAxMB4XDTIyMDUwMjA4
MjgzNFoXDTIzMDUwMjA4MjgzNFowgYcxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJC
YWRlbi1Xw7xydHRlbWJlcmcxEzARBgNVBAcTCk5lY2thcnN1bG0xHzAdBgNVBAoM
FkxpZGwgU3RpZnR1bmcgJiBDby4gS0cxJTAjBgNVBAMTHGhldS1zc2wtY2xpZW50
LWVyaWMubGlkbC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJ
ESLBkdwsCEoB8PAVYMv2D+AItqRu89KHlH4H2Ync1CCA4xkBcDkcMBId98/bUQ+E
+T0rI4frYiFHsKxLU2Dc4jj/e+50vX5G2UccYuhuB0wAtMuPVR+cYiTbr0neX6Dx
d9nxu0PNAGArY3DWTMZifzW3l6FRVnRCrV0B2JpUBFm9wkO8n4UytLDI/xUnYUci
i4FtqU9ROk8MsNPDjRCcxGNn2SCsZs8j2MZeS6qDeXGNS1oLT0e+G8AJmeve9GGi
+lZz7Ov8pvRmuWoUBL29RkPnECmztoOQw2PUy142tx9PyhjaRb1egE6JmVzSc5Bm
Tyf+4J+JK3NF+mE2V53hAgMBAAGjggVrMIIFZzBJBgNVHREEQjBAghxoZXUtc3Ns
LWNsaWVudC1lcmljLmxpZGwubmV0giB3d3cuaGV1LXNzbC1jbGllbnQtZXJpYy5s
aWRsLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMB0GA1UdDgQWBBRWS632QhzMZUkMmDdtVQ9eO1zpXDAfBgNVHSMEGDAW
gBSs0DrCwldVkWkRzHBqWTiKjKycPTCB/wYDVR0fBIH3MIH0MEegRaBDhkFodHRw
Oi8vY3JsLnN3aXNzc2lnbi5uZXQvQUNEMDNBQzJDMjU3NTU5MTY5MTFDQzcwNkE1
OTM4OEE4Q0FDOUMzRDCBqKCBpaCBooaBn2xkYXA6Ly9kaXJlY3Rvcnkuc3dpc3Nz
aWduLm5ldC9DTj1BQ0QwM0FDMkMyNTc1NTkxNjkxMUNDNzA2QTU5Mzg4QThDQUM5
QzNEJTJDTz1Td2lzc1NpZ24lMkNDPUNIP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDBvBgNVHSAE
aDBmMFAGCGCFdAFZAgECMEQwQgYIKwYBBQUHAgEWNmh0dHBzOi8vcmVwb3NpdG9y
eS5zd2lzc3NpZ24uY29tL1N3aXNzU2lnbl9DUFNfVExTLnBkZjAIBgYEAI96AQcw
CAYGZ4EMAQICMIHGBggrBgEFBQcBAQSBuTCBtjBkBggrBgEFBQcwAoZYaHR0cDov
L3N3aXNzc2lnbi5uZXQvY2dpLWJpbi9hdXRob3JpdHkvZG93bmxvYWQvQUNEMDNB
QzJDMjU3NTU5MTY5MTFDQzcwNkE1OTM4OEE4Q0FDOUMzRDBOBggrBgEFBQcwAYZC
aHR0cDovL29jc3Auc3dpc3NzaWduLm5ldC9BQ0QwM0FDMkMyNTc1NTkxNjkxMUND
NzA2QTU5Mzg4QThDQUM5QzNEMIICbQYKKwYBBAHWeQIEAgSCAl0EggJZAlcAdQBV
gdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAYCD4rilAAAEAwBGMEQC
IGRotaLmvsixRVNUYq2dU62ICKfsZ6M6USFulysP+CUZAiAN4MznQcdIzUquoVFI
JeCwBOvViFlvEmyY84Tx7qa7LAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaN
sgiaN9kTAAABgIPit78AAAQDAEcwRQIgTHSlmor3Tk/2lMR9DJVeuJE12N+1dbqT
aUB8J0Jf/xoCIQD1NVa1XxXGq9pUM5uYP0XPbbfuD59hlDTbj30mXai7kgB1AK33
vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABgIPitxUAAAQDAEYwRAIg
VgCWXlck07uptHjTsA0DDV6jKu8C1Krkx8PesLD7gSQCIDkA4N8+MH7N5Yuk7Mx/
LUbGH6ehE5ihq7EjcxGD4YytAHcAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD
Dnk2pZoAAAGAg+K4XgAABAMASDBGAiEAw1PoZQ0m6tUwq+ARaCZN3cY4OeKO7bRC
yUu0K2MS4JQCIQDmgZ9vUJzZBra0TEFJFyhj1E1imK1jV+LKED72AE6l5AB2AOg+
0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABgIPit04AAAQDAEcwRQIh
ANtttyq/B0cE8JcXqGbxPhrov5kCRvNqaT8XPbVpa3qfAiBqAHGUfDv0gNcZJoNf
WAvDWTaXzfBx/txFCZYEGSo/CjANBgkqhkiG9w0BAQsFAAOCAgEAmYUD5bj7KtX1
ltdkgqp6XRN+mj1g+ThpCZsEgTSG2qm+/6TPf+vr3kCPyude8uuI5Ch7pV0te/ke
xM64vSGdCrdoIOqgevFWd4n65Gicop8h7UF6DEPncYwRLUVZmiAE+3GtvpcN9SgZ
L7S3brqIeGHsAQmnkad2tOnqFqPgxgTqzB++HxqkeQrYQYP8e+b0ibLbySvL4m5Y
+L27u4vWAZKkrpzMHvwnB2BCAXVrrFdBP1WPhdfSYUWRUlv/tXQOn7CIXJKFMU5S
hR3tfQi5sXNE3qtyB7qaORN4e1bXrgYE1fDdet1xCJAHXmmXGiQYYbMxJaJclJfg
sKhDyg9GiZx+dL4HnwGck240iGLvMYp8ZcWOJ+Y3C+dh06YcZx6lWwPkfGewhVJv
dLOPUerenN7VdQvQFplsvJIBO3aJbxx8L/1IQQ+uZ6UIZureSh1n++oMQhy278ge
MO4xVikvKuiCKA5DZwaPYKAfJVmj/9kdukyzQGbfwBYPyWkQ4KG06Cag6kBErGaj
Im2jDrm1lQ6KHMMFZLN4fV+QlhcpawH9H8kyOw9dG/Q/0xemHdsQxwX9z/hVi/lx
+/XOUM4bvyafEQ6HciGQ2WSuHP8QSO8CFyu3VU+N5OS0x1nsqDbzK7/nVN7BE3wk
JKAwp3Tud9l291mRuHbibv5jBSB7e/0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiREiwZHcLAhKAfDwFWDL
9g/gCLakbvPSh5R+B9mJ3NQggOMZAXA5HDASHffP21EPhPk9KyOH62IhR7CsS1Ng
3OI4/3vudL1+RtlHHGLobgdMALTLj1UfnGIk269J3l+g8XfZ8btDzQBgK2Nw1kzG
Yn81t5ehUVZ0Qq1dAdiaVARZvcJDvJ+FMrSwyP8VJ2FHIouBbalPUTpPDLDTw40Q
nMRjZ9kgrGbPI9jGXkuqg3lxjUtaC09HvhvACZnr3vRhovpWc+zr/Kb0ZrlqFAS9
vUZD5xAps7aDkMNj1MteNrcfT8oY2kW9XoBOiZlc0nOQZk8n/uCfiStzRfphNled
4QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 297356740972770416778272652013196230000247732703
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2021 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-05-02 08:28:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-02 08:28:34 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Baden-Württemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Neckarsulm'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Lidl Stiftung & Co. KG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'heu-ssl-client-eric.lidl.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17303097741568143860936871197911187024568584007213826400151120345542871465104133304124624942927622040187648893151144066220443010741269037877924172748932988548262717719429523028449865653918300909849721096013089470187731739086613119357110069290290723504704764219970755159002458830489234435800288723848236089238049227881390821852570614298400945561184558654603225485483467184995445389242573344687600743316170614388080678021961029603527066687422087879617538093551670498651033798166304355810077854136147210917730377880318826698952990689781928943529632546153119744399224326413102085133224722205742204291159872890952029281761
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'heu-ssl-client-eric.lidl.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.heu-ssl-client-eric.lidl.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							564badf6421ccc65490c98376d550f5e3b5ce95c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName acd03ac2c25755916911cc706a59388a8cac9c3d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=ACD03AC2C25755916911CC706A59388A8CAC9C3D%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (185 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/ACD03AC2C25755916911CC706A59388A8CAC9C3D'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (605 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (601 bytes)
							02570075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018083e2b8a5000004030046304402206468b5a2e6bec8b145535462ad9d53ad8808a7ec67a33a51216e972b0ff8251902200de0cce741c748cd4aaea1514825e0b004ebd588596f126c98f384f1eea6bb2c0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000018083e2b7bf000004030047304502204c74a59a8af74e4ff694c47d0c955eb89135d8dfb575ba9369407c27425fff1a022100f53556b55f15c6abda54339b983f45cf6db7ee0f9f619434db8f7d265da8bb92007500adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000018083e2b715000004030046304402205600965e5724d3bba9b478d3b00d030d5ea32aef02d4aae4c7c3deb0b0fb812402203900e0df3e307ecde58ba4eccc7f2d46c61fa7a11398a1abb123731183e18cad007700b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000018083e2b85e0000040300483046022100c353e8650d26ead530abe01168264dddc63839e28eedb442c94bb42b6312e094022100e6819f6f509cd906b6b44c4149172863d44d6298ad6357e2ca103ef6004ea5e4007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018083e2b74e0000040300473045022100db6db72abf074704f09717a866f13e1ae8bf990246f36a693f173db5696b7a9f02206a0071947c3bf480d71926835f580bc3593697cdf071fedc45099604192a3f0a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00998503e5b8fb2ad5f596d76482aa7a5d137e9a3d60f93869099b04813486daa9beffa4cf7febebde408fcae75ef2eb88e4287ba55d2d7bf91ec4ceb8bd219d0ab76820eaa07af1567789fae4689ca29f21ed417a0c43e7718c112d45599a2004fb71adbe970df528192fb4b76eba887861ec0109a791a776b4e9ea16a3e0c604eacc1fbe1f1aa4790ad84183fc7be6f489b2dbc92bcbe26e58f8bdbbbb8bd60192a4ae9ccc1efc2707604201756bac57413f558f85d7d2614591525bffb5740e9fb0885c9285314e52851ded7d08b9b17344deab7207ba9a3913787b56d7ae0604d5f0dd7add710890075e69971a241861b33125a25c9497e0b0a843ca0f46899c7e74be079f019c936e348862ef318a7c65c58e27e6370be761d3a61c671ea55b03e47c67b085526f74b38f51eade9cded5750bd016996cbc92013b76896f1c7c2ffd48410fae67a50866eade4a1d67fbea0c421cb6efc81e30ee3156292f2ae882280e4367068f60a01f2559a3ffd91dba4cb34066dfc0160fc96910e0a1b4e826a0ea4044ac66a3226da30eb9b5950e8a1cc30564b3787d5f909617296b01fd1fc9323b0f5d1bf43fd317a61ddb10c705fdcff8558bf971fbf5ce50ce1bbf269f110e87722190d964ae1cff1048ef02172bb7554f8de4e4b4c759eca836f32bbfe754dec1137c2424a030a774ee77d976f75991b876e26efe6305207b7bfd