actieabonnement.live.hearst.aubergine-it.nl

Issued by R3

About this certificate

This digital certificate with serial number 03:2a:bd:bc:9e:89:ba:98:01:a2:ce:d5:64:65:11:7a:a4:45 was issued on by Let's Encrypt.

With 49 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=actieabonnement.live.hearst.aubergine-it.nl

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:2a:bd:bc:9e:89:ba:98:01:a2:ce:d5:64:65:11:7a:a4:45
Serial Number (int): 275880920664505632670601551079571411608645
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 0c:de:3b:07:3d:23:6c:c7:1b:60:d6:52:0f:aa:0c:e5:12:60:c9:e0
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 66:1b:c5:b7:f8:7f:35:be:99:6f:0e:03:9f:c0:19:99:cd:87:a3:8a
Fingerprint (sha256): 25:2e:41:b4:c9:6e:f6:28:59:f1:97:68:07:1c:b7:c5:6b:2c:19:15:ca:2e:50:d1:6e:0d:f8:64:c5:7a:b9:7b

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate actieabonnement.live.hearst.aubergine-it.nl

49

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for actieabonnement.live.hearst.aubergine-it.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

abonnement.bicycling.nl
abonnement.cosmopolitan.com
abonnement.elle.nl
abonnement.esquire.com
abonnement.harpersbazaar.com
abonnement.hearst.nl
abonnement.jan-magazine.nl
abonnement.menshealth.com
abonnement.quest.nl
abonnement.questjunior.nl
abonnement.quotenet.nl
abonnement.runnersworld.com
abonnement.womenshealthmag.com
actieabonnement.live.hearst.aubergine-it.nl
actieabonnement.nl
bicycling.live.hearst.aubergine-it.nl
cosmopolitan.live.hearst.aubergine-it.nl
deco.elle.nl
elle.live.hearst.aubergine-it.nl
elledeco.live.hearst.aubergine-it.nl
elleeten.live.hearst.aubergine-it.nl
ellemagazine.live.hearst.aubergine-it.nl
esquire.live.hearst.aubergine-it.nl
eten.elle.nl
harpersbazaar.live.hearst.aubergine-it.nl
historie.quest.nl
jan.live.hearst.aubergine-it.nl
kiosk.live.hearst.aubergine-it.nl
magazine.elle.nl
magazine.quest.nl
menshealth.live.hearst.aubergine-it.nl
mymagazines.live.hearst.aubergine-it.nl
mymagazines.nl
natgeo.live.hearst.aubergine-it.nl
natgeoshop.nl
psychologie.quest.nl
quest.live.hearst.aubergine-it.nl
questhistorie.live.hearst.aubergine-it.nl
questjunior.live.hearst.aubergine-it.nl
questmagazine.live.hearst.aubergine-it.nl
questpsychologie.live.hearst.aubergine-it.nl
questpuzzelmix.live.hearst.aubergine-it.nl
quote.live.hearst.aubergine-it.nl
runnersweb.live.hearst.aubergine-it.nl
shop.quest.nl
womenshealth.live.hearst.aubergine-it.nl
www.actieabonnement.nl
www.mymagazines.nl
www.natgeoshop.nl

Other certificates including the domain name aubergine-it.nl

(limited to 100 certificates)
support.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
acties.bicycling.nl
www.aubergine-it.nl
www.aubergine-it.nl
acties.bicycling.nl
elle.hearst.aubergine-it.nl
acties.bicycling.nl
actieabonnement.live.hearst.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
paprika.aubergine-it.nl
phonebook.aubergine-it.nl
stembureaus.test.aubergine-it.nl
dvprod.hearst.aubergine-it.nl
thic-prod.aubergine-it.nl
acties.bicycling.nl
www.redesign.thic.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
hosting.aubergine-it.nl
aubergine-it.nl
stembureaus.acc.aubergine-it.nl
hosting.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
jobs.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
thicwebsite-test.aubergine-it.nl
abonnement.bicycling.nl
actieabonnement.live.hearst.aubergine-it.nl
www.thic.aubergine-it.nl
thic-acc.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
www.aubergine-it.nl
glamour.hearst.aubergine-it.nl
dv.hearst.aubergine-it.nl
kiosk.live.hearst.aubergine-it.nl
www.aubergine-it.nl
www.aubergine-it.nl
www.dylanmagazine.nl
support.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
bbhservice.aubergine-it.nl
www.fiscalert.nl
fca.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
mwm2.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
paprika.aubergine-it.nl
abonnement.bicycling.nl
paprika.aubergine-it.nl
thic-prod.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
abonnement.fiscalert.nl
mwm2.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
mwm2.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
acties.bicycling.nl
twom.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
abonnement.bicycling.nl
actieabonnement.live.hearst.aubergine-it.nl
support.aubergine-it.nl
jobs.aubergine-it.nl
abonnement.bicycling.nl
actieabonnement.live.hearst.aubergine-it.nl
paprika.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
paprika.aubergine-it.nl
proxy.aithostingbbh.aubergine-it.nl
support.aubergine-it.nl
acties.bicycling.nl
www.aubergine-it.nl
appointment.thic.aubergine-it.nl
paprika.aubergine-it.nl
dvprod.hearst.aubergine-it.nl
abonnement.fiscalert.nl
mwm2.aubergine-it.nl
mwm2.aubergine-it.nl
twom.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
twom.aubergine-it.nl
actieabonnement.live.hearst.aubergine-it.nl
acties.bicycling.nl
www.hosting.aubergine-it.nl
filedump.hosting.aubergine-it.nl
twom.aubergine-it.nl
ikgastarten.drupal.aubergine-it.nl
chat.aubergine-it.nl
jobs.aubergine-it.nl
www.dylanmagazine.nl
ikgastarten.drupal.aubergine-it.nl
dv.hearst.aubergine-it.nl
abonnement.fiscalert.nl
support.aubergine-it.nl
www.dylanmagazine.nl
abonnement.bicycling.nl
ikgastarten.drupal.aubergine-it.nl
acties.bicycling.nl

Certificate

The complete raw certificate details for actieabonnement.live.hearst.aubergine-it.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKyTCCCbGgAwIBAgISAyq9vJ6JupgBos7VZGUReqRFMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA5MTYwNzEyMTJaFw0yMzEyMTUwNzEyMTFaMDYxNDAyBgNVBAMT
K2FjdGllYWJvbm5lbWVudC5saXZlLmhlYXJzdC5hdWJlcmdpbmUtaXQubmwwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLFhwJYzWxeoa6ORIIA6JJFVwh
hgyANqjBmCTFQCp+xFOK8Ab1O1McB8SCtC8zZNR0h3uRRf/YkAOrMTAY1o4SH1TC
stTYSS+dSEHLbNrZ0NyWE075pTr6B28ZcC/rBoO4wzzUtRHvGQlUGIfX/a11ij5n
BdnqHYpuZPANtu+Tq2E7S/gTXJAlIj4oZliqYoC7ohaEIeozeukE+3In3lF2fSGS
fyzBH+ZSoBvfKjQFJqlmeUYK1MnqfAhW+BEHZgaijcrHDfk+pIchq4Hx7aW9O+S6
TsJ38kStVEJ6ANFpMzkzAobCBmEeqXWCyFxPtlCAy3oFygbdmBPAO3K0AcyPAgMB
AAGjggfTMIIHzzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAzeOwc9I2zHG2DWUg+q
DOUSYMngMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUF
BwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsG
AQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMIIF2gYDVR0RBIIF0TCCBc2C
F2Fib25uZW1lbnQuYmljeWNsaW5nLm5sghthYm9ubmVtZW50LmNvc21vcG9saXRh
bi5jb22CEmFib25uZW1lbnQuZWxsZS5ubIIWYWJvbm5lbWVudC5lc3F1aXJlLmNv
bYIcYWJvbm5lbWVudC5oYXJwZXJzYmF6YWFyLmNvbYIUYWJvbm5lbWVudC5oZWFy
c3QubmyCGmFib25uZW1lbnQuamFuLW1hZ2F6aW5lLm5sghlhYm9ubmVtZW50Lm1l
bnNoZWFsdGguY29tghNhYm9ubmVtZW50LnF1ZXN0Lm5sghlhYm9ubmVtZW50LnF1
ZXN0anVuaW9yLm5sghZhYm9ubmVtZW50LnF1b3RlbmV0Lm5sghthYm9ubmVtZW50
LnJ1bm5lcnN3b3JsZC5jb22CHmFib25uZW1lbnQud29tZW5zaGVhbHRobWFnLmNv
bYIrYWN0aWVhYm9ubmVtZW50LmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIIS
YWN0aWVhYm9ubmVtZW50Lm5sgiViaWN5Y2xpbmcubGl2ZS5oZWFyc3QuYXViZXJn
aW5lLWl0Lm5sgihjb3Ntb3BvbGl0YW4ubGl2ZS5oZWFyc3QuYXViZXJnaW5lLWl0
Lm5sggxkZWNvLmVsbGUubmyCIGVsbGUubGl2ZS5oZWFyc3QuYXViZXJnaW5lLWl0
Lm5sgiRlbGxlZGVjby5saXZlLmhlYXJzdC5hdWJlcmdpbmUtaXQubmyCJGVsbGVl
dGVuLmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIIoZWxsZW1hZ2F6aW5lLmxp
dmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIIjZXNxdWlyZS5saXZlLmhlYXJzdC5h
dWJlcmdpbmUtaXQubmyCDGV0ZW4uZWxsZS5ubIIpaGFycGVyc2JhemFhci5saXZl
LmhlYXJzdC5hdWJlcmdpbmUtaXQubmyCEWhpc3RvcmllLnF1ZXN0Lm5sgh9qYW4u
bGl2ZS5oZWFyc3QuYXViZXJnaW5lLWl0Lm5sgiFraW9zay5saXZlLmhlYXJzdC5h
dWJlcmdpbmUtaXQubmyCEG1hZ2F6aW5lLmVsbGUubmyCEW1hZ2F6aW5lLnF1ZXN0
Lm5sgiZtZW5zaGVhbHRoLmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIInbXlt
YWdhemluZXMubGl2ZS5oZWFyc3QuYXViZXJnaW5lLWl0Lm5sgg5teW1hZ2F6aW5l
cy5ubIIibmF0Z2VvLmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIINbmF0Z2Vv
c2hvcC5ubIIUcHN5Y2hvbG9naWUucXVlc3QubmyCIXF1ZXN0LmxpdmUuaGVhcnN0
LmF1YmVyZ2luZS1pdC5ubIIpcXVlc3RoaXN0b3JpZS5saXZlLmhlYXJzdC5hdWJl
cmdpbmUtaXQubmyCJ3F1ZXN0anVuaW9yLmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1p
dC5ubIIpcXVlc3RtYWdhemluZS5saXZlLmhlYXJzdC5hdWJlcmdpbmUtaXQubmyC
LHF1ZXN0cHN5Y2hvbG9naWUubGl2ZS5oZWFyc3QuYXViZXJnaW5lLWl0Lm5sgipx
dWVzdHB1enplbG1peC5saXZlLmhlYXJzdC5hdWJlcmdpbmUtaXQubmyCIXF1b3Rl
LmxpdmUuaGVhcnN0LmF1YmVyZ2luZS1pdC5ubIImcnVubmVyc3dlYi5saXZlLmhl
YXJzdC5hdWJlcmdpbmUtaXQubmyCDXNob3AucXVlc3QubmyCKHdvbWVuc2hlYWx0
aC5saXZlLmhlYXJzdC5hdWJlcmdpbmUtaXQubmyCFnd3dy5hY3RpZWFib25uZW1l
bnQubmyCEnd3dy5teW1hZ2F6aW5lcy5ubIIRd3d3Lm5hdGdlb3Nob3AubmwwEwYD
VR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwC3Pvsk
35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYqdDCLqAAAEAwBIMEYCIQD5
ZlGb3mfattIwaU6Cc1Winln/E1j3ptR4J5nfhNfaVAIhAOlAvNj0yLUgVaCuXH6O
UDbBx5YY5aPC0R8pbB7alCnXAHUAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6
V6NS61IAAAGKnQwi9gAABAMARjBEAiA8J5YFBoxrJKWjYr1T9bNYg2u4R/WYH0xq
G9v/JMdiEQIgAwLHtcBs/2fg0KvdWPnB8GtSifmLxLZAJBgal1KQAg4wDQYJKoZI
hvcNAQELBQADggEBAHTQnFyoTOt5R77wzSqUtPgbpYTMoVotp9+m+ZEvmDMfzTcp
wYyaxmxPBsbInnWbKZfV5idpMvZFTs1Fl1jIMEbLOfGKZdsV4HxnK+ot9Gb+bSuU
t+c9QjEy/yU14dtWCRm+m7K31DQXWdFkRp8/TR+lTorkrkCqN/g02viYO5KEt6Au
GzM3CVneU54dJSq/kjS8gJTp/+eBP83uf+1HjhT4lzW++Evz08VaEmNQrR8NU3CN
ak8J3TKU+ILJ/fX8GY0fX3ylOa8Z6J5b/rp5ZWslWd4JH5yCxMGuYkZ8FzmnI53u
5KOTl4NJM8xwZz1Vz8WarDNS2yHM8hudONYrgh8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxYcCWM1sXqGujkSCAOi
SRVcIYYMgDaowZgkxUAqfsRTivAG9TtTHAfEgrQvM2TUdId7kUX/2JADqzEwGNaO
Eh9UwrLU2EkvnUhBy2za2dDclhNO+aU6+gdvGXAv6waDuMM81LUR7xkJVBiH1/2t
dYo+ZwXZ6h2KbmTwDbbvk6thO0v4E1yQJSI+KGZYqmKAu6IWhCHqM3rpBPtyJ95R
dn0hkn8swR/mUqAb3yo0BSapZnlGCtTJ6nwIVvgRB2YGoo3Kxw35PqSHIauB8e2l
vTvkuk7Cd/JErVRCegDRaTM5MwKGwgZhHql1gshcT7ZQgMt6BcoG3ZgTwDtytAHM
jwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 275880920664505632670601551079571411608645
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-16 07:12:12 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-15 07:12:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'actieabonnement.live.hearst.aubergine-it.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25637278517901090397973525535170195444802340853951881298679387334800132184981717760502027628536153029688847217160656378027426466056634615726251282524778520683957938997304562221683231173629808663711472455944161545391722841391441988497564116775224951286898041770213566912306098265730349818302933617697625257341448468705452534154555580020131421078709912654451917460955719913471584021741455712140522673671073631961676442094767236698532692046092635577781533792654704298035664437926511837188410494627959909277108158505514179770066168435980606470568762975346795998634275712341474972913797766662856018641003839498614407810191
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0cde3b073d236cc71b60d6520faa0ce51260c9e0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1489 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.bicycling.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.cosmopolitan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.elle.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.esquire.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.harpersbazaar.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.hearst.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.jan-magazine.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.menshealth.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.quest.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.questjunior.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.quotenet.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.runnersworld.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'abonnement.womenshealthmag.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'actieabonnement.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'actieabonnement.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bicycling.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cosmopolitan.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'deco.elle.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'elle.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'elledeco.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'elleeten.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ellemagazine.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'esquire.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eten.elle.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'harpersbazaar.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'historie.quest.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jan.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kiosk.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'magazine.elle.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'magazine.quest.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'menshealth.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mymagazines.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mymagazines.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'natgeo.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'natgeoshop.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'psychologie.quest.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'quest.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questhistorie.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questjunior.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questmagazine.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questpsychologie.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questpuzzelmix.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'quote.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'runnersweb.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shop.quest.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'womenshealth.live.hearst.aubergine-it.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.actieabonnement.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mymagazines.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.natgeoshop.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018a9d0c22ea0000040300483046022100f966519bde67dab6d230694e827355a29e59ff1358f7a6d4782799df84d7da54022100e940bcd8f4c8b52055a0ae5c7e8e5036c1c79618e5a3c2d11f296c1eda9429d70075007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018a9d0c22f6000004030046304402203c279605068c6b24a5a362bd53f5b358836bb847f5981f4c6a1bdbff24c7621102200302c7b5c06cff67e0d0abdd58f9c1f06b5289f98bc4b64024181a975290020e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0074d09c5ca84ceb7947bef0cd2a94b4f81ba584cca15a2da7dfa6f9912f98331fcd3729c18c9ac66c4f06c6c89e759b2997d5e6276932f6454ecd459758c83046cb39f18a65db15e07c672bea2df466fe6d2b94b7e73d423132ff2535e1db560919be9bb2b7d4341759d164469f3f4d1fa54e8ae4ae40aa37f834daf8983b9284b7a02e1b33370959de539e1d252abf9234bc8094e9ffe7813fcdee7fed478e14f89735bef84bf3d3c55a126350ad1f0d53708d6a4f09dd3294f882c9fdf5fc198d1f5f7ca539af19e89e5bfeba79656b2559de091f9c82c4c1ae62467c1739a7239deee4a39397834933cc70673d55cfc59aac3352db21ccf21b9d38d62b821f