www.bbaw.de

- Berlin-Brandenburgische Akademie der Wissenschaften -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number 42:64:70:5a:ed:f1:12:55:1b:52:5d:a3:d7:d5:c0:bd was issued on by GEANT Vereniging.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Berlin-Brandenburgische Akademie der Wissenschaften

Organization: Berlin-Brandenburgische Akademie der Wissenschaften
State / Province: Berlin
Country: DE

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): 42:64:70:5a:ed:f1:12:55:1b:52:5d:a3:d7:d5:c0:bd
Serial Number (int): 88250556241707550668106764905723838653
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 82:7f:b8:48:f6:da:e9:57:33:ba:8a:2d:0e:08:07:b7:c8:7d:da:10
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): 2a:1e:74:a2:53:3f:a6:07:9c:e2:0d:96:79:d2:eb:c8:b6:4a:f6:9d
Fingerprint (sha256): 1d:ff:d7:e3:60:06:3f:1c:f5:4d:24:24:b4:0a:10:52:81:6d:08:8f:76:2f:f9:b3:33:b9:1c:8d:bd:ad:ec:72

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate www.bbaw.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.bbaw.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.bbaw.de
bbaw.de

Other certificates including the domain name bbaw.de

(limited to 100 certificates)
cil.bbaw.de
telotawebpublic.bbaw.de
nubes.bbaw.de
telotawebdev.bbaw.de
gorkon.bbaw.de
achard.bbaw.de
abfallenergieverwertung.bbaw.de
bibelexegese.bbaw.de
wirt1.bbaw.de
login.bbaw.de
veranstaltungszentrum.bbaw.de
virtuelles-schuelerlabor.bbaw.de
bareos-director.bbaw.de
mgh.bbaw.de
bureau.bbaw.de
brainudl.bbaw.de
aaew.bbaw.de
praesidenten.bbaw.de
gitlab.bbaw.de
mx1.bbaw.de
zeugs.bbaw.de
devbib.bbaw.de
cil.bbaw.de
shibboleth.bbaw.de
mailman.bbaw.de
census.bbaw.de
wsus64.bbaw.de
cmg.bbaw.de
www.gentechnologiebericht.de
clarin.bbaw.de
ldap.bbaw.de
edoc.bbaw.de
syslog.bbaw.de
vimes.bbaw.de
proxy.bbaw.de
cmg.bbaw.de
xmlpublic.bbaw.de
forschungsdatenmanagement.bbaw.de
telotadev.bbaw.de
www.bbaw.de
bureau.bbaw.de
akademieregistres.bbaw.de
pdrprod.bbaw.de
xmledit.bbaw.de
praesidenten.bbaw.de
login.bbaw.de
achard.bbaw.de
mailman.bbaw.de
www2.bbaw.de
actaborussica.bbaw.de
telotadev.bbaw.de
pdrprod.bbaw.de
eduroam2.bbaw.de
www.correspsearch.net
proxy2.bbaw.de
mailix.bbaw.de
digiclass.bbaw.de
mailix2.bbaw.de
aaew-dev.bbaw.de
lebenswelten-digital.bbaw.de
shibboleth.bbaw.de
brainudl.bbaw.de
mailix.bbaw.de
wwwdev.bbaw.de
gaerten.bbaw.de
vimes.bbaw.de
gerechtigkeit.bbaw.de
census-lod.bbaw.de
login2.bbaw.de
brainjae.bbaw.de
hws.bbaw.de
ldap.bbaw.de
kollokationen.bbaw.de
telotadev.bbaw.de
edoc.bbaw.de
shibboleth.bbaw.de
frauenvertretung.bbaw.de
bibliothek.bbaw.de
kant.bbaw.de
vimes.bbaw.de
agora.bbaw.de
bibelexegese.bbaw.de
edition-humboldt.de
t3extern.bbaw.de
mittelalterzentrum.bbaw.de
tla.bbaw.de
actaborussica.bbaw.de
tableau.bbaw.de
dschutz.bbaw.de
ostwald.bbaw.de
encoding-correspondence.bbaw.de
forschungsdatenmanagement.bbaw.de
avh-r.bbaw.de
cil.bbaw.de
aaew.bbaw.de
hippo.bbaw.de
agora.bbaw.de
hippo.bbaw.de
idqw.bbaw.de
inetbbaw.bbaw.de

Certificate

The complete raw certificate details for www.bbaw.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIaTCCBlGgAwIBAgIQQmRwWu3xElUbUl2j19XAvTANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjMwNTA5MDAwMDAwWhcNMjQwNTA4MjM1
OTU5WjByMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMTwwOgYDVQQKEzNC
ZXJsaW4tQnJhbmRlbmJ1cmdpc2NoZSBBa2FkZW1pZSBkZXIgV2lzc2Vuc2NoYWZ0
ZW4xFDASBgNVBAMTC3d3dy5iYmF3LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAxSuL9GDGpdrRcsji0Tb+d0JVNE4rwo+Xw8u7f+5E3uqqNnO/CYpg
3oWMpfWpAfmkbjwlh20gCc6ZTUfWPnvxe2rRhnr9g9Go8kbGBJb0WH13+lsmIgvR
NOn+0G680X8nIqyDaO84XgPz7r88q+Rcl5u6bjsNH1TvqFZhv/XPqQgVK2FCKm7E
bNYvsSV8g3pLpkagQZIDkPZz079z6FUOF6C91VIXn6Eh6c96IPdaBhkoCSG2fbN3
N3+y0mbmNlmGwXIb33YoMXy7guzAhFu/xx7t3CtylQR0ynIi3lieiGndbXHqw3y+
XL9kWA2rEgtYWJ6UVKiBPwd4JVUclvmsuepB5m3nW6Uwd0p2NnT3pp1RO1iGHm4Z
2PrCws4Vzs6caZlRBzZ2x0V6L/zghzPugF7ov4pvPHTysUVyb95sBB3qShwxx2bw
u4kYPYrWVTkQ+77BAzmHS30SKTnXFazYHQ3r32XP+ta7INaxcSrp5Ilu5s0ilf1M
LyEZG93wAG5pR2zaIPYJ8PBcxkOd/RlHD95vpGkKDAV3h5P5ruRLZXQSszgF4aAf
uYhKMBbfFU1HaxSvjcU76JqT101CW+z7VPB7iAuKDOozvhTuXNMEIeEDi8aqnePJ
KJpNgYxlqapIUiP3bM7vOPSB/j6wLgO/9m2PiAfVfW31c78tQI+dcssCAwEAAaOC
AycwggMjMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQW
BBSCf7hI9trpVzO6ii0OCAe3yH3aEDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0
BgsrBgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t
L0NQUzAIBgZngQwBAgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNy
bC5zZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcw
OgYIKwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRP
VlJTQUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3Rp
Z28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgB2/4g/Crb7lVHCYcz1
h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYf/n4F6AAAEAwBHMEUCIQD0pe1ZKMGtkdWm
BIxAhU3hfztyuDgz8SW8zG1vdZsIcAIgMd2NSq3tvparBfP4KyASIGkhAB5yJ58n
ebZ8SnM4OtsAdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYf/
n4HjAAAEAwBHMEUCIAMWKHETPPK0dOQe6GYhzryFtvxoqID+1/IfzeZdHINcAiEA
lyHQzhMOKzQvc0kjHYgx7ZCEBJHitkXlVMGWqV0uJ4YAdgDuzdBk1dsazsVct520
zROiModGfLzs3sNRSFlGcR+1mwAAAYf/n4GlAAAEAwBHMEUCIBdvFVeygk/5hoUX
zbnz6TgssYrHmrf8PKx+RXl+ryhWAiEA4HoLE7Hj/YbPIEK3cY5/CbcEAJox247i
XDFDVNMJ9bIwHwYDVR0RBBgwFoILd3d3LmJiYXcuZGWCB2JiYXcuZGUwDQYJKoZI
hvcNAQEMBQADggIBAEgphyIzPrnnwVjg0P65xw1lI2sz98ocvilEwiXAbrhVOsNK
L2O5wwWypdtFQSjL8b5XPpKwzdnRbD8DWZeZspbc9kksXNOoFdYVjM6xMIcFIPZs
2u1yZt4YEp5smsqTMazNf9Q91HYWUpLF+46t9cg9hHVpUwn7ag+tNjlssuVKn8Ht
JfWv6+g1cqJsFZcUkrz3V4EMR2UEpIf6RdGPk+jWGfkFa0AFusL0PetiNMKZO4cI
BwbazH4U/zee+TRtYA6wl1XhS6LrfbzzJ6eT8Veyg078DbYAR8I49gS/lYXsv/VA
e4oNW1zdsSyWh+JM1EF5wFX4fCj2X8pDlKpyx86x8T65DXKry8XPguiD9qZCG6Je
nhXu1Whe1HoSCI1Ho4ypGZBt4PO3J84u4zWkHaeYPRjqLt7WaWxY/UfZf13FlS07
S86QstS/X0NsoJqXwkPXGcxdN3uyc0ZWtn/gIEGiTKHM6axh/NGx2Ebvz0ftT60G
IoTGh0QiqGisiQ2txu0/VkFiXPodAhVhOq+KSMuoeKynVAKwHjaFkdncqp8m0y/+
N6aTcd821rb62UW5ic9oGxWQIbkc3aaEueWBYr1+cZAJ1L/GvlXAqYXXuywVa/D7
VcHiqgLEt0gW5yfVBJybVT82WYVVXQyNWTmJroOWCfMWFh6926t7LL/vrUEl
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxSuL9GDGpdrRcsji0Tb+
d0JVNE4rwo+Xw8u7f+5E3uqqNnO/CYpg3oWMpfWpAfmkbjwlh20gCc6ZTUfWPnvx
e2rRhnr9g9Go8kbGBJb0WH13+lsmIgvRNOn+0G680X8nIqyDaO84XgPz7r88q+Rc
l5u6bjsNH1TvqFZhv/XPqQgVK2FCKm7EbNYvsSV8g3pLpkagQZIDkPZz079z6FUO
F6C91VIXn6Eh6c96IPdaBhkoCSG2fbN3N3+y0mbmNlmGwXIb33YoMXy7guzAhFu/
xx7t3CtylQR0ynIi3lieiGndbXHqw3y+XL9kWA2rEgtYWJ6UVKiBPwd4JVUclvms
uepB5m3nW6Uwd0p2NnT3pp1RO1iGHm4Z2PrCws4Vzs6caZlRBzZ2x0V6L/zghzPu
gF7ov4pvPHTysUVyb95sBB3qShwxx2bwu4kYPYrWVTkQ+77BAzmHS30SKTnXFazY
HQ3r32XP+ta7INaxcSrp5Ilu5s0ilf1MLyEZG93wAG5pR2zaIPYJ8PBcxkOd/RlH
D95vpGkKDAV3h5P5ruRLZXQSszgF4aAfuYhKMBbfFU1HaxSvjcU76JqT101CW+z7
VPB7iAuKDOozvhTuXNMEIeEDi8aqnePJKJpNgYxlqapIUiP3bM7vOPSB/j6wLgO/
9m2PiAfVfW31c78tQI+dcssCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 88250556241707550668106764905723838653
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin-Brandenburgische Akademie der Wissenschaften'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.bbaw.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 804383846348410421376208133810238393806744638048502476593063207070768804853494304951232741691840644002271412557580024816450216350032441786406115539288843695389191056958276125521422132127698195042418769991116171937459387873197454767675399313497127685883890471731493781419426362382362033216688208004177849224844360684545929311671651948139095069110663836568980683953254481915183585165930748329893335411072140752747751221230002612109136993460333845726034725169232054065272614218301785226459175853118101924575888089845376066075335233663385338962985575439341725266539426392770018225923922849077020316989968366853325543470213747408815652732983024977648502964480065581234152523645216835570863695585181915527790182042402796262382600173531512297836181369395363593271897213702197078864432116460831182126760463949579430523088585252470945045942206387494531697614107583787786752789319049909020309651914201166865213776465416041882086109758911522013939388205723516452408735969195926131044705747313572490861890967301460683573507064311300977434020341629126069535164511064094735670334182582869422516879988016601254268436379278154316714695209935764141663148724836932021287064812644531868956288762402586123028131049210452372412812691030628436513717580491
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							827fb848f6dae95733ba8a2d0e0807b7c87dda10
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000187ff9f817a0000040300473045022100f4a5ed5928c1ad91d5a6048c40854de17f3b72b83833f125bccc6d6f759b0870022031dd8d4aadedbe96ab05f3f82b2012206921001e72279f2779b67c4a73383adb007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000187ff9f81e30000040300473045022003162871133cf2b474e41ee86621cebc85b6fc68a880fed7f21fcde65d1c835c0221009721d0ce130e2b342f7349231d8831ed90840491e2b645e554c196a95d2e2786007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000187ff9f81a500000403004730450220176f1557b2824ff9868517cdb9f3e9382cb18ac79ab7fc3cac7e45797eaf2856022100e07a0b13b1e3fd86cf2042b7718e7f09b704009a31db8ee25c314354d309f5b2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bbaw.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bbaw.de'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0048298722333eb9e7c158e0d0feb9c70d65236b33f7ca1cbe2944c225c06eb8553ac34a2f63b9c305b2a5db454128cbf1be573e92b0cdd9d16c3f03599799b296dcf6492c5cd3a815d6158cceb130870520f66cdaed7266de18129e6c9aca9331accd7fd43dd476165292c5fb8eadf5c83d8475695309fb6a0fad36396cb2e54a9fc1ed25f5afebe83572a26c15971492bcf757810c476504a487fa45d18f93e8d619f9056b4005bac2f43deb6234c2993b87080706dacc7e14ff379ef9346d600eb09755e14ba2eb7dbcf327a793f157b2834efc0db60047c238f604bf9585ecbff5407b8a0d5b5cddb12c9687e24cd44179c055f87c28f65fca4394aa72c7ceb1f13eb90d72abcbc5cf82e883f6a6421ba25e9e15eed5685ed47a12088d47a38ca919906de0f3b727ce2ee335a41da7983d18ea2eded6696c58fd47d97f5dc5952d3b4bce90b2d4bf5f436ca09a97c243d719cc5d377bb2734656b67fe02041a24ca1cce9ac61fcd1b1d846efcf47ed4fad062284c6874422a868ac890dadc6ed3f5641625cfa1d0215613aaf8a48cba878aca75402b01e368591d9dcaa9f26d32ffe37a69371df36d6b6fad945b989cf681b159021b91cdda684b9e58162bd7e719009d4bfc6be55c0a985d7bb2c156bf0fb55c1e2aa02c4b74816e727d5049c9b553f365985555d0c8d593989ae839609f316161ebddbab7b2cbfefad4125