www.wijchen.nl

- Gemeente Wijchen -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 0c:97:56:f7:fc:bc:28:3a was issued on by KPN B.V..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Wijchen

Company registration number: 00000001001096874000
Organization: Gemeente Wijchen
Organization unit: ICT Rijk van Nijmegen
State / Province: Gelderland
Locality: Wijchen
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:97:56:f7:fc:bc:28:3a
Serial Number (int): 907289473035544634
Serial Number lenght: 60 bits, 8 octets

SubjectKeyId: 64:f7:19:3d:c3:1d:81:89:6a:b3:70:c6:19:51:44:5c:ef:f4:72:1d
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 5b:cc:8d:1d:2c:b9:9e:13:75:1f:e3:f8:22:05:01:10:e2:4f:3e:20
Fingerprint (sha256): 19:83:da:f9:10:8f:0e:cf:f6:1c:21:7c:8e:f1:fa:54:0b:30:e8:16:c5:47:14:b5:53:db:a9:01:47:3d:df:47

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate www.wijchen.nl

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.wijchen.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.wijchen.nl
wijchen.nl

Other certificates including the domain name wijchen.nl

(limited to 100 certificates)

Certificate

The complete raw certificate details for www.wijchen.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII6jCCBtKgAwIBAgIIDJdW9/y8KDowDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE5MDIwNDA4MzIzMVoXDTIxMDMzMDA4MzIzMVowgacxCzAJ
BgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYDVQQHDAdXaWpjaGVu
MRkwFwYDVQQKDBBHZW1lZW50ZSBXaWpjaGVuMR4wHAYDVQQLDBVJQ1QgUmlqayB2
YW4gTmlqbWVnZW4xHTAbBgNVBAUTFDAwMDAwMDAxMDAxMDk2ODc0MDAwMRcwFQYD
VQQDDA53d3cud2lqY2hlbi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPI6H/iRes1LzKLiijGPp2E3CElrBh3Abg1yuw+vhoXJiBpAn9jcpQ9dmsSD
7pKVgGntxLmCOIUFpWX6DMctvEPvBa05Y6ljj/1mLX6aBCAi7zkYpk1/5HR7fQog
vGtFXQwj2ExH1Uh4GDf4vAGx0tejn8xMHTa9G9SX+KYxMveyX/dx8/j/tiMQia/X
EI/V6f5FU8pQvkPrP0iJ6dJbPf/JNeRCAq6jQ+KSK634t8pNJ5kJKIdeSsyFhYA6
YdtAvZCPEY+QuNkhzCPhEMOCLGKsx7/hd6vPO5nqQy3IgE1FqJ7XzBIskl6NDqJR
xezyBKrY6amXNuATNMYO2V21qCMCAwEAAaOCBE0wggRJMIGUBggrBgEFBQcBAQSB
hzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0Fj
ZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAo
BggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4E
FgQUZPcZPcMdgYlqs3DGGVFEXO/0ch0wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAW
gBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sB
AgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20v
cGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2Fh
dCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3Npbmcu
MAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRw
a2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0
ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMCUGA1UdEQQeMByCDnd3dy53aWpjaGVuLm5sggp3aWpjaGVuLm5s
MIIB9gYKKwYBBAHWeQIEAgSCAeYEggHiAeAAdwDuS723dc5guuFCaR+r4Z5mow9+
X7By2IMAxHuJeqj9ywAAAWi3ozuVAAAEAwBIMEYCIQD1sJ8bw/Orzm0NUJ7WQsL2
7QYBzAhfvZGjE/oCo1rIAgIhAJwoKIjdVbK8QwXHR09sjrS+jPEMs/7VTdTEd/q2
wM01AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFot6M7kwAA
BAMARzBFAiEAxhxDPj/vUEvIhfMR7qVSksylp1l6qRtdF5wadhrn+cwCIFjs72eE
7+WOOca/1RN4LR+sc/JftAZCAvbquiN9XykwAHUApLkJkLQYWBSHuxOizGdwCjw1
mAT5G9+443fNDsgN3BAAAAFot6M7lQAABAMARjBEAiA49x0BVSiEr6pIEiR7lsSO
2q95Gaf4n6kuiUKjSBfK7wIgJch/iwrvI1QziJeWzMiiJRi69SKEw6CujoUN3qzv
N28AdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWi3pCaYAAAE
AwBHMEUCIQCHHtvOxB6+w1KBrtVD07653fLXh5t3fNhLqfpky27ELAIgYFwbJDkm
mSHZ0tLbVIe6iSjqgceOgE8lPJWHVZBx6rUwDQYJKoZIhvcNAQELBQADggIBALwp
NamYX8RqkgC2yG9uBxPaT0RyN7+IwhagZrkjnmO+/ggKv39NCPKSXoa1ocWhFfVo
EaCKlbDmi1tN2HEDsmfCqb0cOV28J2RJKG+l3gF0Xq8SB5sf7E9dBNBvmRTtc2Pp
iTjJF7AhUrdj7ifh1QjfP3qiQth/IitopAHV1FfqU3ihpUpS7zgOyEqweRL/vvVl
OzqH9Y5Blg/B9/8hqmLQLqBl/xG2JoT6Fp5STgmOZV8MnlKmGtQAUv0mCnqMhnXK
VdBrPf6zl50bzM66WfMGOaPjNjHT+4zett1Hsr5Go1gX+VEaAOQA3O+YXCoJ9WqN
8b+0lP1HLgKPR4RN3b/ydTxS3/RBSAb9FqHG/3TmBwEXAtVhSGj9gjtG1fOYowuX
MZj9Py4wBrXTCGKisLxk/da/zAgSqtXvgS2ocTkK94yqw65jPhv1xQdHPYJEIEne
3GLwqo2oe5tfxx5h3d4fjLfxQeHNjeC9J8qZUkmgnRwo0jiKsKQZTePjtMr9q1++
p2QI4pBM2Goq9reEZHM534WWsGWLFZG6Nqa68DkJqSGCcFkyBd9lC7pXQgOyypMY
ubYxdSmerVcl4KYTNtDinWUS0q3uGHKhic12k8uN3elszKxeaE/MOuoSsbQ+S5ie
+7WAMGOytGPa5ZsPYZLD5crCEmi+A8DJrWzPr0NU
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jof+JF6zUvMouKKMY+n
YTcISWsGHcBuDXK7D6+GhcmIGkCf2NylD12axIPukpWAae3EuYI4hQWlZfoMxy28
Q+8FrTljqWOP/WYtfpoEICLvORimTX/kdHt9CiC8a0VdDCPYTEfVSHgYN/i8AbHS
16OfzEwdNr0b1Jf4pjEy97Jf93Hz+P+2IxCJr9cQj9Xp/kVTylC+Q+s/SInp0ls9
/8k15EICrqND4pIrrfi3yk0nmQkoh15KzIWFgDph20C9kI8Rj5C42SHMI+EQw4Is
YqzHv+F3q887mepDLciATUWontfMEiySXo0OolHF7PIEqtjpqZc24BM0xg7ZXbWo
IwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 907289473035544634
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-04 08:32:31 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-30 08:32:31 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Wijchen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Wijchen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ICT Rijk van Nijmegen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001001096874000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.wijchen.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30578332251633251765768787284100642569447301367296248039072153142731836238660898522165958841254384890294734422637309382863768632875318001598680120298826129230762794101573545661272629940561924355362834578009542994125102087859941051957689539914804796929799233138217249036735888246304934091743219251970971889746857157612502937520601254185606258313756313957354337342050566484429304563477531140417232057134113163093237401092275674991670435229821289454684007519915892004924531742513433085971281449265831959394354854241895091919599456210701032040143201731027665346981598512862208383429085289840454185863570070546127982536739
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							64f7193dc31d81896ab370c61951445ceff4721d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.wijchen.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wijchen.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e0007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000168b7a33b950000040300483046022100f5b09f1bc3f3abce6d0d509ed642c2f6ed0601cc085fbd91a313fa02a35ac8020221009c282888dd55b2bc4305c7474f6c8eb4be8cf10cb3fed54dd4c477fab6c0cd35007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000168b7a33b930000040300473045022100c61c433e3fef504bc885f311eea55292cca5a7597aa91b5d179c1a761ae7f9cc022058ecef6784efe58e39c6bfd513782d1fac73f25fb4064202f6eaba237d5f2930007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000168b7a33b950000040300463044022038f71d01552884afaa4812247b96c48edaaf7919a7f89fa92e8942a34817caef022025c87f8b0aef235433889796ccc8a22518baf52284c3a0ae8e850ddeacef376f0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000168b7a426980000040300473045022100871edbcec41ebec35281aed543d3beb9ddf2d7879b777cd84ba9fa64cb6ec42c0220605c1b2439269921d9d2d2db5487ba8928ea81c78e804f253c9587559071eab5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00bc2935a9985fc46a9200b6c86f6e0713da4f447237bf88c216a066b9239e63befe080abf7f4d08f2925e86b5a1c5a115f56811a08a95b0e68b5b4dd87103b267c2a9bd1c395dbc276449286fa5de01745eaf12079b1fec4f5d04d06f9914ed7363e98938c917b02152b763ee27e1d508df3f7aa242d87f222b68a401d5d457ea5378a1a54a52ef380ec84ab07912ffbef5653b3a87f58e41960fc1f7ff21aa62d02ea065ff11b62684fa169e524e098e655f0c9e52a61ad40052fd260a7a8c8675ca55d06b3dfeb3979d1bccceba59f30639a3e33631d3fb8cdeb6dd47b2be46a35817f9511a00e400dcef985c2a09f56a8df1bfb494fd472e028f47844dddbff2753c52dff4414806fd16a1c6ff74e607011702d5614868fd823b46d5f398a30b973198fd3f2e3006b5d30862a2b0bc64fdd6bfcc0812aad5ef812da871390af78caac3ae633e1bf5c507473d82442049dedc62f0aa8da87b9b5fc71e61ddde1f8cb7f141e1cd8de0bd27ca995249a09d1c28d2388ab0a4194de3e3b4cafdab5fbea76408e2904cd86a2af6b784647339df8596b0658b1591ba36a6baf03909a9218270593205df650bba574203b2ca9318b9b63175299ead5725e0a61336d0e29d6512d2adee1872a189cd7693cb8ddde96cccac5e684fcc3aea12b1b43e4b989efbb5803063b2b463dae59b0f6192c3e5cac21268be03c0c9ad6ccfaf4354