www.deloitte.nl

- Deloitte Accountants -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 7e:93:32:48:59:90:89:6e was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Deloitte Accountants

Company registration number: 00000003243628530000
Organization: Deloitte Accountants
Organization unit: GSC
State / Province: Zuid-Holland
Locality: Rotterdam
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 7e:93:32:48:59:90:89:6e
Serial Number (int): 9120688956677065070
Serial Number lenght: 63 bits, 8 octets

SubjectKeyId: bc:ae:6f:c4:a2:2f:bf:2e:5c:89:76:ba:29:a5:a0:ab:7b:44:89:17
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 87:b8:fd:0c:3e:4a:7f:02:f4:cd:1d:50:69:11:af:12:95:c6:82:66
Fingerprint (sha256): 1f:bc:e9:34:ff:28:18:78:1b:07:4f:21:05:08:10:29:28:0a:62:26:4f:95:d1:5a:24:2d:d3:5c:e7:82:31:7f

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate www.deloitte.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.deloitte.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.deloitte.nl

Other certificates including the domain name deloitte.nl

(limited to 100 certificates)
communication-trackontrade.deloitte.nl
www.beglobal.shop
magazine.deloitte.nl
*.iapps-t.deloitte.nl
ispacemobile.deloitte.nl
getsupport-d.deloitte.nl
s4hop.sapdemo.deloitte.nl
tax-i.deloitte.nl
e.deloitte.nl
edgejourney-s.deloitte.nl
viewold.deloitte.nl
communication-test-trackontrade.deloitte.nl
4me.qa
view.deloitte.nl
secureupload.deloitte.nl
secureupload.erslab.deloitte.nl
docqminer-model-staging.clipper-nonprod.deloitte.nl
sip.deloitte.nl
wintrackertaxlegal.clipper-nonprod.deloitte.nl
*.deloitte.nl
remotevpn.deloitte.nl
view.deloitte.nl
aeoscan.deloitte.nl
usap42.us.deloitte.com
usap42.us.deloitte.com
ourbrand.deloitte
alumni.deloitte.nl
secureupload.deloitte.nl
das.deloitte.nl
xray-john-old.clipper-nonprod.deloitte.nl
communication-test-trackontrade.deloitte.nl
getsupport-s.deloitte.nl
usap42.us.deloitte.com
alumni.deloitte.nl
communication-trackontrade.deloitte.nl
ourbrand.deloitte
webmail.deloitte.nl
meet.deloitte.nl
ourbrand.deloitte
investoronboarding-d.deloitte.nl
dataplatform-t.deloitte.nl
invisionweb.deloitte.nl
fast50.deloitte.nl
remotevpn.deloitte.nl
view.deloitte.nl
meet.deloitte.nl
brainspacenew.deloitte.nl
invisionwebsso.deloitte.nl
ourbrand.deloitte
sip.deloitte.nl
annualreport.deloitte.nl
4me.com
sapclientvpn.deloitte.nl
dataplatform-d.deloitte.nl
monitor-d.drop.deloitte.nl
taxifdtst.deloitte.nl
mail.deloitte.nl
events.deloitte.nl
meet.deloitte.nl
*.iapps.deloitte.nl
www.deloitte.nl
regview-acc.clipper-nonprod.deloitte.nl
usap42.us.deloitte.com
academy.deloitte.nl
ispace.deloitte.nl
aeoscan.deloitte.nl
tax-i.deloitte.nl
mail2.deloitte.nl
oraclecloudextractor.clipper-nonprod.deloitte.nl
*.iapps-s.deloitte.nl
roulette-dev.deloitte.nl
www.deloitte.nl
*.4me.qa
tendertracker.clipper-nonprod.deloitte.nl
4me.qa
academy.deloitte.nl
confirmit.deloitte.nl
usap42.us.deloitte.com
*.clipper-audit-nonprod.deloitte.nl
communication-trackontrade.deloitte.nl
tax-i-d.deloitte.nl
secureupload.deloitte.nl
4me.qa
4me.qa
usap41.us.deloitte.com
oraclecloudextractor.clipper-nonprod.deloitte.nl
regminer-acc-admin.clipper-nonprod.deloitte.nl
dkmt.deloitte.nl
alumni.deloitte.nl
webapps.deloitte.nl
sts.deloitte.nl
sso.deloitte.nl
rb-client-impact.deloitte.nl
meet.deloitte.nl
usap42.us.deloitte.com
monitor-d.drop.deloitte.nl
sip.deloitte.nl
mail2.deloitte.nl
publications.deloitte.nl
communication-test-trackontrade.deloitte.nl

Certificate

The complete raw certificate details for www.deloitte.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG8TCCBNmgAwIBAgIIfpMySFmQiW4wDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE4MTAyMjA4MDAwMloXDTIwMTAyMTA4MDAwMlowgZ4xCzAJ
BgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxEjAQBgNVBAcMCVJvdHRl
cmRhbTEdMBsGA1UECgwURGVsb2l0dGUgQWNjb3VudGFudHMxDDAKBgNVBAsMA0dT
QzEdMBsGA1UEBRMUMDAwMDAwMDMyNDM2Mjg1MzAwMDAxGDAWBgNVBAMMD3d3dy5k
ZWxvaXR0ZS5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ8idIpr
MybDFqIwezhEb4xsphdfYvslGgX9y8Kr5btZlBLA9GT2Frt+8ZVwDfqsJExCHtqp
CHcmsIb6b4vAVgZf/M0JV/xDtJOWh2fgr0wYw8itv4+dZtLl6+ReGnK3+jVen6Vw
Bl27heHkOqDATJZv1GWqQmmpEKCeQdItPNCVjjm7Abrbsmqx3w0yF/7Aezw+PE5E
+z7JGzaAU+3Lk2AQ58xXdvwHbI+D+LpUbucfAerqIrOcoQB6f1wGHLhfWpnErZXX
8d9q78QhiJYsHD8lEcIttubGfa1wT7vzMlETW3MXoxec32lMhQ2EToPlwAs61EV8
NJYxKpLYfRiMD4kCAwEAAaOCAl0wggJZMIGUBggrBgEFBQcBAQSBhzCBhDBYBggr
BgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5C
VlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcw
AYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUvK5vxKIv
vy5ciXa6KaWgq3tEiRcwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQr
grbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcG
CCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3Zlcmhl
aWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQg
Q1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAEC
AjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQ
TkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNy
bDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
MBoGA1UdEQQTMBGCD3d3dy5kZWxvaXR0ZS5ubDATBgorBgEEAdZ5AgQDAQH/BAIF
ADANBgkqhkiG9w0BAQsFAAOCAgEAjTYyhVbSAe4qObAiZkof6rmFPmSUt/CI+qW9
UZbrtMgL8yFu3KdBjtylE2kNO7mJyxAMRaC1SuWQIAlYvjA9yjP/2AdcAWt5+PQz
E/RgLHe2LEPQzKkjx96+DD0Rn3Jf4yKyggKHq2ifSkZBL5aWWDnvNBNmb90JIxdK
CUsE5m/SzqLSeATTYsSwQyuvnebhvRyCloNkbl/DzFEQqEsc+6zMxUZQzTsqYnTX
Gl3uNoOf+UfAQKrSHG4bYmUkONwv/DA0mVG2NXH/76T0ElpvXFE8wJK/H3behiSp
yW7BV0aii3/ECJAdjop6GeoSes1QQkGGLb3bAW+mNG2sscFOkjhBzARCJAmwfxVm
BaMG8guUKZD70l4qwUqMlITNfS2z89j/Ed5X9jeivICf3xAUlsv4ezqs6lEo8q9q
kdQm/ICFQeSiQ1ibqn0fInvUB3eo8ZUDpvMhR4oXHBJfFEoeLMvafz6M0RGIRLRf
7ORbki9U9EkToejrt5tHt+Yp2w8Tu9zPSWqn6GviAyA2ltz/5L/bGtzKzhmeZD5S
rfSSpC9YRxHeX3w22JNC0htGKxRo8YZRIIxX4cNmj+ljSF0/DfemtjR+EcbP34OO
VIh0bGK1vodjoZjgm40ClsvbkQyJnuxgQ+R+qjJtv2lx8ORrUb94aaJDcoftboO3
gNzTcmI=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyJ0imszJsMWojB7OERv
jGymF19i+yUaBf3Lwqvlu1mUEsD0ZPYWu37xlXAN+qwkTEIe2qkIdyawhvpvi8BW
Bl/8zQlX/EO0k5aHZ+CvTBjDyK2/j51m0uXr5F4acrf6NV6fpXAGXbuF4eQ6oMBM
lm/UZapCaakQoJ5B0i080JWOObsButuyarHfDTIX/sB7PD48TkT7PskbNoBT7cuT
YBDnzFd2/Adsj4P4ulRu5x8B6uois5yhAHp/XAYcuF9amcStldfx32rvxCGIliwc
PyURwi225sZ9rXBPu/MyURNbcxejF5zfaUyFDYROg+XACzrURXw0ljEqkth9GIwP
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9120688956677065070
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-22 08:00:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-10-21 08:00:02 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Rotterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Deloitte Accountants'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'GSC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000003243628530000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.deloitte.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20088881000263566658272241111089875490240506776450277231367822431438739533182695875094667960242571379218544469075036030946054246982832010423551857573253237527560119996209099612801729898676762555693324275460811330405964614857509623427435887826639535453754441986790002494753410909872948683515419578637137163206423731716447008362818771749374351057882922748090519274927873103243466631340346934473827345794851942693913398850214724965410377762227199341076490198385876049194216718896150971546252811208355561629586571412640006174721869841895478083777991381478247366282735787328057636877969704380025357225602371883976547372937
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bcae6fc4a22fbf2e5c8976ba29a5a0ab7b448917
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.deloitte.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		008d36328556d201ee2a39b022664a1feab9853e6494b7f088faa5bd5196ebb4c80bf3216edca7418edca513690d3bb989cb100c45a0b54ae590200958be303dca33ffd8075c016b79f8f43313f4602c77b62c43d0cca923c7debe0c3d119f725fe322b2820287ab689f4a46412f96965839ef3413666fdd0923174a094b04e66fd2cea2d27804d362c4b0432baf9de6e1bd1c829683646e5fc3cc5110a84b1cfbacccc54650cd3b2a6274d71a5dee36839ff947c040aad21c6e1b62652438dc2ffc30349951b63571ffefa4f4125a6f5c513cc092bf1f76de8624a9c96ec15746a28b7fc408901d8e8a7a19ea127acd504241862dbddb016fa6346dacb1c14e923841cc04422409b07f156605a306f20b942990fbd25e2ac14a8c9484cd7d2db3f3d8ff11de57f637a2bc809fdf101496cbf87b3aacea5128f2af6a91d426fc808541e4a243589baa7d1f227bd40777a8f19503a6f321478a171c125f144a1e2ccbda7f3e8cd1118844b45fece45b922f54f44913a1e8ebb79b47b7e629db0f13bbdccf496aa7e86be203203696dcffe4bfdb1adccace199e643e52adf492a42f584711de5f7c36d89342d21b462b1468f18651208c57e1c3668fe963485d3f0df7a6b6347e11c6cfdf838e5488746c62b5be8763a198e09b8d0296cbdb910c899eec6043e47eaa326dbf6971f0e46b51bf7869a2437287ed6e83b780dcd37262