planon-a.universiteitleiden.nl

- Leiden University -

Issued by TERENA SSL CA 3

About this certificate

This digital certificate with serial number 0c:0e:11:04:85:6e:36:aa:af:29:c8:d4:1d:42:f4:08 was issued on by TERENA.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Leiden University

Organization: Leiden University
Organization unit: ISSC
Locality: Leiden
Country: NL

TERENA

Organization: TERENA
State / Province: Noord-Holland
Locality: Amsterdam
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:0e:11:04:85:6e:36:aa:af:29:c8:d4:1d:42:f4:08
Serial Number (int): 16023773264609136499854580234531828744
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 7c:5d:80:6f:73:25:34:5c:21:2a:f6:16:85:b8:97:55:39:20:be:3c
AuthorityKeyId: 67:fd:88:20:14:27:98:c7:09:d2:25:19:bb:e9:51:11:63:75:50:62

Fingerprint (sha1): a0:94:c5:00:19:57:6b:3a:1a:fd:e5:91:48:0c:20:66:83:fd:03:de
Fingerprint (sha256): 28:a5:c0:af:82:53:57:4a:a4:6f:7f:4d:e7:d3:87:fb:54:ff:f6:b6:ba:61:d7:e5:67:b7:78:f7:82:e5:11:47

Issuing Certificate URL: http://cacerts.digicert.com/TERENASSLCA3.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/TERENASSLCA3.crl
CRL Distribution Point: http://crl4.digicert.com/TERENASSLCA3.crl

Check the revocation status for certificate planon-a.universiteitleiden.nl

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for planon-a.universiteitleiden.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

planonlive-a.leidenuniv.nl
planon-a.leidenuniv.nl
planon-a.universiteitleiden.nl
studenthousing-a.leidenuniv.nl

Other certificates including the domain name universiteitleiden.nl

(limited to 100 certificates)
bachelors.universiteitleiden.nl
scharrelaar-p1.leidenuniv.nl
springoffer.universiteitleiden.nl
weblectures-a.leidenuniv.nl
phdcareerplatform.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
form.services.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
studiegids-p.leidenuniv.nl
ooievaar.web.leidenuniv.nl
scharrelaar-p3.leidenuniv.nl
helpdesk.universiteitleiden.nl
depthoffield.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
cms-a.universiteitleiden.nl
planon-a.universiteitleiden.nl
web.universiteitleiden.nl
grasparkiet.leidenuniv.nl
aqa.universiteitleiden.nl
trail.universiteitleiden.nl
cms.universiteitleiden.nl
depthoffield.universiteitleiden.nl
www.universiteitleiden.nl
masters.universiteitleiden.nl
sapbo-acc.universiteitleiden.nl
planon-t.universiteitleiden.nl
ooievaar.web.leidenuniv.nl
ask-a-librarian.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
presto-a.universiteitleiden.nl
grasparkiet.leidenuniv.nl
webpresentations-a.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
mfa.services.universiteitleiden.nl
mysites.universiteitleiden.nl
bachelors.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
mfa-a.services.universiteitleiden.nl
www.jotform3.leidenuniv.nl
finder.library.universiteitleiden.nl
scriptiebeoordeling-law.universiteitleiden.nl
planon.universiteitleiden.nl
redirectservice.universiteitleiden.nl
wiki.cfer.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
wbs.universiteitleiden.nl
tdm.universiteitleiden.nl
video.universiteitleiden.nl
planon.universiteitleiden.nl
aqa.universiteitleiden.nl
lu-card-activeren-a.universiteitleiden.nl
studiegids.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
video.universiteitleiden.nl
helpdesk-o.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
planon-a.universiteitleiden.nl
lenteactie.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
aqa.universiteitleiden.nl
benb.universiteitleiden.nl
aqa.universiteitleiden.nl
aqa.universiteitleiden.nl
topaza-t.leidenuniv.nl
www-r.universiteitleiden.nl
omeroweb.services.universiteitleiden.nl
kokmeeuw.leidenuniv.nl
aqa.universiteitleiden.nl
indonesie.universiteitleiden.nl
gitlab.services.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
studyspots.universiteitleiden.nl
mfa-a.services.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
grasparkiet.leidenuniv.nl
rooster.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
jatos.services.universiteitleiden.nl
webpresentations.universiteitleiden.nl
bookandbyte.universiteitleiden.nl
hop-qa.leidenuniv.nl
brightspacesupport.universiteitleiden.nl
sshgw01.alice.universiteitleiden.nl
numerusfixus.universiteitleiden.nl
weblectures.leidenuniv.nl
aqa.universiteitleiden.nl
account-a.services.universiteitleiden.nl
p-issc-009996.infra.leidenuniv.nl
jatos-t.services.universiteitleiden.nl
finder.library.universiteitleiden.nl
aqa.universiteitleiden.nl
lithium.liacs.nl
scharrelaar-p1.leidenuniv.nl
depthoffield.universiteitleiden.nl
indonesie.universiteitleiden.nl
aqa.universiteitleiden.nl

Certificate

The complete raw certificate details for planon-a.universiteitleiden.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIEDCCBvigAwIBAgIQDA4RBIVuNqqvKcjUHUL0CDANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0xOTA5MjUwMDAwMDBaFw0yMTA5MjkxMjAwMDBaMHIxCzAJBgNVBAYT
Ak5MMQ8wDQYDVQQHEwZMZWlkZW4xGjAYBgNVBAoTEUxlaWRlbiBVbml2ZXJzaXR5
MQ0wCwYDVQQLEwRJU1NDMScwJQYDVQQDEx5wbGFub24tYS51bml2ZXJzaXRlaXRs
ZWlkZW4ubmwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfDDZKf8Ma
OrUT5XcRIVtzdohdq+2NHjuywCxobqVVL9oX3EfoYgEFWW8OjOeAdn5BSoIIkTe3
B6LvONfuVa/W/vwB8IhQOBq4C+Ll1lmAq5dPlmj+DSGNePRhDzE9Z2f/9fNwPV2w
UF944cy+/sJkgYSzPtEm5HMkFE6oQ/JFUVcMir7IDMX1N7+yHoWuS1Iu0iN22tHV
tWWLqqZ3mHeMnW+o8LzrBUDPVXlEA7wbI0wfywLpHMVq6Okt4tvHT8C6uQb/mR0f
RDUuJHGpqAzJujkaxJtMGWExPtW6znkrwguq8G93PNp11AsvZKGAc1r2HRnLgA0g
uST2JpTWKkvj69Gthu8fD2V+RFwYFOt7oH0OPjg9F4fzCk6kjJgBhA5RfUNGP4ul
YE3QTQ+57/W61QYsAoXgNhQ+qlSiFbj2wWJcCUGunwk2pjLCpoFeGkWY2fOxUTTE
K9hJy9whqhKOtzOVySS9CUVBUMv7qx/TtE1NFcdnGQeuUUQxYlhLcepgAQ877FC4
0D+aAZ7yMqaKjR1CTXMSC7dNc9fOr1eS/rnFA5CPwta3t9MFtLWz7BOIlLA4lJUp
ZWIsBNiiuJZLNp+s+enTEOt8FTLnpdIy9dLEOfIRzCN7boucC3O1ejz+UdknNMuo
mGYItQIXoVh7dcSkLZFkhGPeqlZd3dqlQQIDAQABo4IDrjCCA6owHwYDVR0jBBgw
FoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFHxdgG9zJTRcISr2FoW4
l1U5IL48MH0GA1UdEQR2MHSCGnBsYW5vbmxpdmUtYS5sZWlkZW51bml2Lm5sghZw
bGFub24tYS5sZWlkZW51bml2Lm5sgh5wbGFub24tYS51bml2ZXJzaXRlaXRsZWlk
ZW4ubmyCHnN0dWRlbnRob3VzaW5nLWEubGVpZGVudW5pdi5ubDAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIw
L6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3Js
MC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNy
bDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczov
L3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjBuBggrBgEFBQcBAQRiMGAw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA4BggrBgEFBQcw
AoYsaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcnQw
DAYDVR0TAQH/BAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAu9nfvB+K
cbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtaCUVmAAABAMARzBFAiEA0Cgd
/uPHMpz1IdEIunyALRtqEH9LWbh5xw+yGw86WhoCIA9xGqo1gDUAdo7tRmOE8IgJ
VgLBshIze8+k8XIxKeH/AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16g
gw8AAAFtaCUV7AAABAMARzBFAiAfBVmGXy3mnBjlFsdqx+MgvtTtS9KGy5HdHpaJ
VtbGxgIhAPM+gUfgWs2tQL5+1SzRimFxR8YI1t/NRtyXnz76wr3dAHcARJRlLrDu
zq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFtaCUU8AAABAMASDBGAiEA5hqb
MycaDTsaTU0wazK2XgQbmcKCpp7EDW4XaXOkoOMCIQDVwDI/Yb3TeTFHhCgVQ29N
bEupby4Hn0CvqnmVQnbEfTANBgkqhkiG9w0BAQsFAAOCAQEAFxKxAUmXTeoPeZKD
QxYhWZY1BZqjgl52ejl2uwacO6eswZ/KlDuPY7nd5I9qwHNgCEz8PBWxC78bgKhB
VyKBPx0xUMNzQtayoDMqgLlJA5z2uH5ZVRTUU+IYSckMaWsiiTSTQl2PbVLZgs0y
1EELymY5vp4B2/MIsyW2Ox8DRyg6QTgSfMMtqo6PCVoV/v2wpcsJKitHSezN7B63
coXXjyGLPbLr3IUyCFZq9OeBeeqhI5CkiwLdOF97HuW9mNOzjYh1OtafYpQblCo9
NBs4kDhKjDo7tTlBki/yxyFFRytTouJhz5oVlX8+lqNpsD9mklAC+u4k6PDImmUg
hd7O8w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnww2Sn/DGjq1E+V3ESFb
c3aIXavtjR47ssAsaG6lVS/aF9xH6GIBBVlvDozngHZ+QUqCCJE3twei7zjX7lWv
1v78AfCIUDgauAvi5dZZgKuXT5Zo/g0hjXj0YQ8xPWdn//XzcD1dsFBfeOHMvv7C
ZIGEsz7RJuRzJBROqEPyRVFXDIq+yAzF9Te/sh6FrktSLtIjdtrR1bVli6qmd5h3
jJ1vqPC86wVAz1V5RAO8GyNMH8sC6RzFaujpLeLbx0/AurkG/5kdH0Q1LiRxqagM
ybo5GsSbTBlhMT7Vus55K8ILqvBvdzzaddQLL2ShgHNa9h0Zy4ANILkk9iaU1ipL
4+vRrYbvHw9lfkRcGBTre6B9Dj44PReH8wpOpIyYAYQOUX1DRj+LpWBN0E0Pue/1
utUGLAKF4DYUPqpUohW49sFiXAlBrp8JNqYywqaBXhpFmNnzsVE0xCvYScvcIaoS
jrczlckkvQlFQVDL+6sf07RNTRXHZxkHrlFEMWJYS3HqYAEPO+xQuNA/mgGe8jKm
io0dQk1zEgu3TXPXzq9Xkv65xQOQj8LWt7fTBbS1s+wTiJSwOJSVKWViLATYoriW
SzafrPnp0xDrfBUy56XSMvXSxDnyEcwje26LnAtztXo8/lHZJzTLqJhmCLUCF6FY
e3XEpC2RZIRj3qpWXd3apUECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16023773264609136499854580234531828744
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA SSL CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-29 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Leiden'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Leiden University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ISSC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'planon-a.universiteitleiden.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 648858019769637307529023267641331377212843904554499508681142553618071883044164851818773738177204228589864983028893054885692892357112007429628917031871550999626118355922488044537445856821956406578431521813451203848569297800425886273208610856449665607654909962734178627469339215615948546596289515131964449825507051422326997257978183225980521565452622427842180990441641646102815689879341240831635119319899739630558035621599457598969920593933918011887803663877794675748035818400300815353811518514648275878578559495150792566253588412989820889074007012746782578755100317503571335162226527651624578211206982491602735388635069591134584403142444901501919166897885098559582425901046857455023925726469384238783736095348859100187967871953424786934425268673693905917615656534343331551091430418340074991428658014271096098249645200168912822276095719995058220746158783053007412361098872231234585408129078768756831237078249952269521631711655194375619509788888320226240248292040534478951145563411588233840775890670011097085531146320733411039624804815052130626404176089932263614024807551936781740971887199381244292237858918897201704719643803773292640713387007325631885550129202491903429167490142069702964321811817823186709814203797887107704650861290817
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 67fd8820142798c709d22519bbe9511163755062
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7c5d806f7325345c212af61685b897553920be3c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'planonlive-a.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'planon-a.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'planon-a.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'studenthousing-a.leidenuniv.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (98 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/TERENASSLCA3.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016d682515980000040300473045022100d0281dfee3c7329cf521d108ba7c802d1b6a107f4b59b879c70fb21b0f3a5a1a02200f711aaa35803500768eed466384f088095602c1b212337bcfa4f1723129e1ff0076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016d682515ec000004030047304502201f0559865f2de69c18e516c76ac7e320bed4ed4bd286cb91dd1e968956d6c6c6022100f33e8147e05acdad40be7ed52cd18a617147c608d6dfcd46dc979f3efac2bddd0077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016d682514f00000040300483046022100e61a9b33271a0d3b1a4d4d306b32b65e041b99c282a69ec40d6e176973a4a0e3022100d5c0323f61bdd3793147842815436f4d6c4ba96f2e079f40afaa79954276c47d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001712b10149974dea0f799283431621599635059aa3825e767a3976bb069c3ba7acc19fca943b8f63b9dde48f6ac07360084cfc3c15b10bbf1b80a8415722813f1d3150c37342d6b2a0332a80b949039cf6b87e595514d453e21849c90c696b22893493425d8f6d52d982cd32d4410bca6639be9e01dbf308b325b63b1f0347283a4138127cc32daa8e8f095a15fefdb0a5cb092a2b4749eccdec1eb77285d78f218b3db2ebdc853208566af4e78179eaa12390a48b02dd385f7b1ee5bd98d3b38d88753ad69f62941b942a3d341b3890384a8c3a3bb53941922ff2c72145472b53a2e261cf9a15957f3e96a369b03f66925002faee24e8f0c89a652085decef3